Australian firms face cybersecurity inertia as the struggle to keep up takes its toll

12 Mar 2018

Australian organisations are being left stranded in a haze of inertia about their cybersecurity strategies, even after a cyber attack has hit them.

Research from CyberArk’s Global Advanced Threat Landscape Report 2018 suggests that inertia is increasing organisations’ vulnerability to attacks, particularly for the 52% of respondents who rarely change their security strategy even after being attacked.

“Attackers have almost limitless freedom and agility, and are constantly evolving their tools and techniques. Organisations, being much larger and more structured, are not able to evolve their security strategy and controls to match this pace of change,” comments CyberArk’s regional director of Australia and New Zealand, Matthew Brazier.

The study’s findings suggest that inertia is now part of many organisations that do not believe they are able to repel or contain cyber threats.

45% of Australians say their organisation can’t prevent attackers breaking into internal networks each time an attack is attempted.

Part of the problem may lie in the inadequate storage and use of administrative credentials. 41% of Australian respondents say those credentials are stored in Word or Excel documents on company PCs.

DevOps and cloud processes can also be automated, which means privileged accounts, credentials and secrets are being created at a ‘prolific’ rate, CyberArk states.

Brazier says that privileged accounts and secrets are targeted in almost every attack.

“These are the most prized assets for attackers as these allow them to bypass other security controls undetected. The most cyber mature organisations in Australia have a deep awareness of their privileged asset landscape and have put in place strong controls around the way these are issued, used and audited. Aligning both defensive and alerting capabilities to protect these assets is fundamental to an effective security strategy.”

Despite data protection regulations coming into force across the world, 58% of Australian respondents say their customers’ privacy and personally identifiable information may be at risk because the organisation doesn’t provide security beyond the legally-required basics.

Globally, IT professionals are most concerned about security threats including targeted phishing attacks (56%); insider threats (51%); ransomware or malware (48%); unsecured privileged accounts (42%); and unsecured data in the cloud (41%).

The majority of Australian respondents (85%) agree that cybersecurity strategy should be a regular board-level discussion topic.

Australians are also less concerned about recognising or rewarding employees who prevent a security breach (46%) than their US counterparts (76%).

CyberArk polled 1300 IT security decision makers as part of its report.
