Aussie CIOs feel unprepared to deal with cyber attacks: survey

Australian CIOs have given themselves a woeful report card when asked to rank their organisation’s preparedness to deal with cyber attacks, according to new research findings.

The 485 surveyed Australian IT professionals scored their organisations’ overall security posture as just 4.5 out of a possible 10 points – a failing grade by any measure. They were equally harsh in scoring their organisation’s ability to quickly detect cyber attacks (4.4) and prevent them (4.6), as well as in assessing their ability to minimise false positives (4.3).

Asked to assign the blame, nearly half of all respondents to the survey – The Efficacy of Emerging Network Security Technologies, commissioned by networking vendor Juniper Networks and carried out by security research firm Ponemon Institute – said that emerging network security technologies aren’t as effective as they should be, with high false-positive rates (56% of respondents) and unfulfilled vendor promises (54%) broadly blamed for the shortfall.

In-house security staff received a slightly stronger vote of approval, with in-house expertise rated at an average of 5.3 out of 10.

Tellingly, fully 55% of respondents established a causative link between those two measures, noting that effective use of technological measures requires in-house staff with the skills to use them properly.

The survey findings reflect those of recent Gartner research that encouraged business and IT leaders to prioritise the assignment of funding and skills to new projects throughout their lifecycle. Yet broader issues about availability of IT security skills continue to cause their own problems, with some industry experts recommending a complete rethink of IT-security hiring issues to improve the situation.

Staff weren’t the only thing fingered for the current deficiencies: many respondents to the Ponemon survey blamed a lack of holistic security vision for the shortcomings of their security models, with 58% noting that their organisation mainly focuses emerging network security technologies on the ‘inside-out’ problem and only 37% saying they take a holistic approach to security.

“It is interesting to observe that despite being armed with emerging network security technologies, organisations in Asia Pacific find themselves to be sitting ducks for external threats,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “Organisations need to reflect on the shortcomings of their existing inside-out approach and seriously consider investing in a more comprehensive and holistic approach to network security in order to keep pace with a constantly evolving threat landscape.”

Intrusion prevention systems and firewalls were considered the most effective features in maintaining network security, while in half of cases application-control features were most often configured for monitoring and reporting only, rather than actual application control.

“This research worryingly indicated that organisations are aware emerging network security technologies are not as effective as they should be and only address part of the cyber security attacks perpetrated upon them,” Greg Bunt, Juniper Networks’ Asia Pacific director for security sales, said in a statement.

“Companies need to renew their focus on zero-day defence and review their security investment weighting, to assess whether the areas of greatest risk are receiving adequate attention.”

Stories by David Braue
