DNS management and security services company Infoblox has unveiled a global report examining the state of security concerns, costs, and remedies, including some interesting findings in Australia.
It's widely known that the pandemic has accelerated digital transformation projects to support remote work, and in Australia there is now have a mix of remote working and onsite working. However, attackers have seized on vulnerabilities in these tectonic shifts to the cloud and remote work. These actions by cybercriminals have increased pressure on security teams, protocols and defences, with more work, and larger budgets flowing into the space.
1,100 respondents in IT and cybersecurity roles in 11 countries took part in the report including the United States, Mexico, Brazil, United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, Australia, and Singapore.
Within Australia, key findings included:
- Australian businesses preferred adding VPNs and firewalls over remote devices in the past year. Fifty-five percent deployed virtual private networks and/or firewalls in response to securing a more remote workforce. Other popular device additions were remote employee-owned devices (48%) and cloud-managed DDI (DNS, DHCP and IP management) servers (41%). Remote corporate-owned devices were added by only 39%.
- Australian organisations are most concerned about being vulnerable to data leakage, cloud attacks, and ransomware. Almost half (46%) were most concerned about data leaks and they also had concerns with ransomware direct attacks on cloud services (40%) and general ransomware (37%). They found themselves least prepared to handle data leaks (22%) and attacks using remote worker connections (14%), followed by ransomware and state-sponsored attacks (13%).
- More than half (58%) of all Australian respondents experienced up to five IT security incidents in the past year. However, sixty-two percent reported the IT events they experienced did not result in a breach. Among the others, attackers were most likely to have compromised an employee-owned remote endpoint or Wi-Fi access point (37%).
- Top attack mechanisms included data exfiltration (53%), and hijacked credentials (37%). Once inside, organisations were most likely to suffer data manipulation or system outages (34%) or sensitive data exposures and malware infections (32%). Fifty percent suffered up to US$1 million (AU$1.3 million) in both direct and indirect damages.
- Most Australian organisations (71%) said they were generally able to respond to a threat within 24 hours. The highest response time in the world. This response was assisted by tools like network traffic analyses (38%), discovering a systems-specific vulnerability (36%), and third-party threat intelligence solutions (35%). Going forward, Australian IT security teams expect their biggest challenges to be remote monitoring (38%), IT security skills shortages (32%), and funding (32%).
- DNS is a popular strategy in Australia to ease the burden on organisations perimeter defences. In exploring the role of DNS (Domain Name System) in an Australian organisations overall security strategy, 50% used it to discover devices making requests to malicious destinations and 44% to locate malware activity earlier in the kill chain.
- Australian companies are putting more resources toward data protection and cloud. About 62% of Australian companies saw their IT security budgets increase in 2021. Most (70%) anticipate more funding in 2022. Popular purchase options for on-premises investments include data loss prevention (23%), and network security (22%). Cloud access security brokers (36%) and DNS security (35%) were among the most popular cloud-based investments. Those anticipating a hybrid approach are most likely to adopt combo versions of VPNs/firewalls (35%) and data loss protection (34%).
- Interest in Secure Access Service Edge (SASE) frameworks in Australia is accelerating. As assets, access, and security move out of the network core to the edge with the push for virtualisation, 60% of Australian organisations have already partially or fully implemented SASE and another 16% intend to do so, through either one vendor (59%) or many (41%).
"Cloud-first networks and corresponding security controls went from nice-to-have features to business mainstays as organisations sent office workers to work from home," says Matt Hanmer, managing director of Infoblox, Australia and New Zealand.
"Our research has shown that, to address the spike in cyberattacks, Australian security teams are turning to DNS security and zero trust models like DNS security for threat hunting as proactive tools for protecting corporate data and remote devices," he says.
"It's also amazing to see that 71% of Australian organisations said they were generally able to respond to a threat within 24 hours. This is the highest percentage in the world and we should be proud of our businesses for their diligence."