
Australian firms face cybersecurity inertia as the struggle to keep up takes its toll

12 Mar 2018

Australian organisations are being left stranded in a haze of inertia about their cybersecurity strategies, even after a cyber attack has hit them.

Research from CyberArk’s Global Advanced Threat Landscape Report 2018 suggests that inertia is increasing organisations’ vulnerability to attacks, particularly for the 52% of respondents who rarely change their security strategy even after being attacked.

“Attackers have almost limitless freedom and agility, and are constantly evolving their tools and techniques. Organisations, being much larger and more structured, are not able to evolve their security strategy and controls to match this pace of change,” comments CyberArk’s regional director of Australia and New Zealand, Matthew Brazier.

The study’s findings suggest that inertia is now part of many organisations that do not believe they are able to repel or contain cyber threats.

45% of Australians say their organisation can’t prevent attackers breaking into internal networks each time an attack is attempted.

Part of the problem may lie in how administrative credentials are stored and used. 41% of Australian respondents say those credentials are stored in Word or Excel documents on company PCs.

DevOps and cloud processes can also be automated, which means privileged accounts, credentials and secrets are being created at a ‘prolific’ rate, CyberArk states.

Brazier says that privileged accounts and secrets are targeted in almost every attack.

“These are the most prized assets for attackers as these allow them to bypass other security controls undetected. The most cyber mature organisations in Australia have a deep awareness of their privileged asset landscape and have put in place strong controls around the way these are issued, used and audited. Aligning both defensive and alerting capabilities to protect these assets is fundamental to an effective security strategy.”

Despite data protection regulations coming into force across the world, 58% of Australian respondents say their customers’ privacy and personally identifiable information may be at risk because the organisation doesn’t provide security beyond the legally-required basics.

Globally, IT professionals are most concerned about security threats including targeted phishing attacks (56%); insider threats (51%); ransomware or malware (48%); unsecured privileged accounts (42%); and unsecured data in the cloud (41%).

The majority of Australian respondents (85%) agree that cybersecurity strategy should be a regular board-level discussion topic.

Australians are also less concerned about recognising or rewarding employees who prevent a security breach (46%) than their US counterparts (76%).

CyberArk polled 1300 IT security decision makers as part of its report.