Story image

Palo Alto Networks: Australia is resilient but overconfident about cybersecurity abilities

01 Aug 2017

A Palo Alto Networks report says that Australian businesses are somewhat resilient in their cybersecurity habits, even though many think that cybercriminals and threats are becoming more difficult to fight.

The State of Cubersecurity in Asia-Pacific report says that Australians also have a misplaced sense of confidence.

36% of respondents lost at least $130,000 in data breaches in 2015-2016, and 40% have lost money in the last year alone.

"These survey results highlight that every organisation is a potential target for cybercriminals. If businesses don’t put the right measures in place, they may be exposed to financial losses and reputational damage after just one successful breach. Failure to take a strong preventative mindset, which includes implementing advanced, next-generation security measures and policies, puts these organisations at risk,” comments Sean Duca, vice president and regional chief security officer for Asia-Pacific, Palo Alto Networks

Although resiliency sees organisations through security events, 34% of respondents have a low average adoption rate for advanced security measures.

Organisations are not paying attention to the threat landscape and how serious some threats are. 70% of Australian respondents said that cybercrime has become more sophisticated in the last five years; while 86% of Chinese respondents thought the same.

More than half of Australian firms are devoting between 5-15% of their budget to cybersecurity, and 55% said it’s easy to convince management that security is a worthwhile investment.

Repondents also felt that breach reporting to regulators should be mandatory; such as in the case of the upcoming Data Breach Notifications Bill.

Organisations would also feel more confident sharing threat information if a framework outlined the types of information that could be shared. Palo Alto Networks says that this method is the only way Australian organisations can take a preventative approach, instead of constantly having to find the latest cure.

Government respondents in Australia may be on the back foot, as the report found that not a single one said that they review their policy and/or operating policy more than once per year.

Palo Alto Networks says that sound cybersecurity practices must be modelled from the top down in any organisation.

IT and security teams should make the security experience ‘visceral’ to leaders by defining clear business metrics and conducting cybersecurity readiness tests. This allows leaders to understand and engage in the issues, Palo Alto suggests.

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."