Fastly finds ANZ organisations increasing cybersecurity spend
Research from Fastly has found that over three-quarters (78%) of Australian and New Zealand organisations are increasing their cybersecurity spending, but many are still investing poorly.
The research, which surveyed 1,400 key IT decision-makers in large organisations, revealed that AUD $95,000 is spent annually just on web applications and API security control and tools alone.
59% of respondents agreed that their organisation's allocated budget appropriately addresses cybersecurity risk, but the research found that only 60% of cybersecurity tools are fully active or deployed within many of these organisations.
Similarly, due to a scattergun approach to cybersecurity implementation, 38% of these tools overlap, protecting organisations against the same threats. And, when these tools do run, they often suffer from too many false positives. For example, 42% of alerts detected by an organisation's WAFs are false positives.
Guy Brown, Senior Security Strategist, Fastly, says the research should challenge organisations to think more carefully about how they are investing in their cyber resources.
"These statistics should be a wake-up call for businesses to be constantly cybersecurity vigilant and ensure that they continue to invest in their people, process and technologies," he says.
"Businesses should not live in fear but instead should be aware of the negative repercussions of cybersecurity failure and ensure that they invest in solutions that are fit for purpose."
IT leaders also predicted the biggest threats to their organisation in the next 12 months, with 37% highlighting data breaches and data loss, 33% phishing and 27% malware as their key areas for concern.
Although 76% of organisations said they were confident in their ability to protect themselves against the current cybersecurity threat landscape, the other primary area of concern for these organisations was securing remote workers.
85% of IT leaders surveyed expressed concern about the effect of adopting a remote work culture since the pandemic on their cybersecurity strategy.
Brown says that if businesses can get the fundamentals of cybersecurity right, they are going to be better able to defend against the majority of the most common threats, particularly potential data breaches. This includes actions like utilising non-SMS-based two-factor authentication, rigid authorisation rules, rate limiting to control sent or received requests when needed, and comprehensive security training across all parts of the organisation.
"These basic cyber hygiene steps will go a long way to preventing severe financial, brand value and data losses and should be priorities for all businesses, regardless of size," says Brown.
"In addition, by adopting these measures, an individual employees location wont impact your business cybersecurity posture as there wont be concerns around remote work. Hybrid work is here to stay, so businesses should be prepared to embrace it."