SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cyber crime hits Aussie businesses hard
Thu, 5th May 2016
FYI, this story is more than a year old

Cyber crime is hitting Australia hard, with 63% of Australian organisations experiencing a cyber security breach or incident in the past year, and 71% of organisations experiencing mobile security incidents.

This is according to a new report by CompTIA, the non-profit association for the technology channel and broader industry.

The report, International Trends in Cyber securityrevealed that self-reported security breaches were most prevalent in India (94%), Malaysia (89%), Thailand (88%), Brazil (87%) and Mexico (87%). Organisations in Japan (39%) and the United Arab Emirates (40%) reported the lowest percentages of self-reported security incidents.

The study also found that mobile security incidents are occurring at a higher rate, with 71% of Australian organisations reporting a mobile-related security incident such as lost device, data policy violation, or staff disabling security features.

Mobile incidents were reported at the highest percentages in Thailand (95%) India (91%) and Mexico (89%); and in the lowest percentages in Japan (60%), the UAE (60%) and the UK (64%).

Furthermore, 72% of Australian organisations expect security to become a higher priority over the next two years. According to CompTIA, the top drivers for a changing approach to security in Australia include:

  • Change in IT operations (e.g. cloud, mobility) (41%) 
  • Reports of security breaches at other firms (33%) 
  • Internal security breach or incident (32%) 
  • Knowledge gained from training/certification (28%) 
  • Change in business operations or client base (27%) 

Moheb Moses, CompTIA director Channel Dynamics and ANZ community director, says, “Due to the evolving nature of IT, most organisations have had to change the way their company approaches security. In Australia, as in many other countries, the greatest change has been in IT operations, especially as firms move to cloud or implement new mobility strategies.”

Amy Carrado, senior director research and market intelligence at CompTIA, says, “The importance of cyber security knowledge and readiness continues to grow regardless of geography, with 79% of companies internationally expecting cyber security to become a higher priority over the next two years.”

The study also revealed that human error is becoming more of a cyber security factor for companies with 61% of Australian organisations reporting it as a major contributor to security risk (compared with 58% internationally).

Top sources of human error include:

  • Failure to get up to speed on new threats (37%) 
  • End user failure to follow policies and procedures (31%) 
  • General carelessness (28%) 
  • Intentional disabling of security features (28%) 
  • Lack of expertise with websites and applications (27%) 
  • IT staff failure to follow policies and procedures (25%)

Australian organisations are taking steps to assess and improve cyber security knowledge among their employees - practices include new employee orientation, ongoing training programmes, online courses and random security audits, CompTIA says.

However, the results so far have been mixed. Only 23% of organisations rate their cyber security education and training methods as extremely effective. Making employee training mandatory, more comprehensive training delivered more often and follow-up tests and assessments are some of the steps that would improve effectiveness, executives said.

CompTIA's report, International Trends in Cybersecurity, is based on an online survey of 1,509 business and technology executives (125 in Australia) conducted by CompTIA in January and February 2016.