Gone in 60 seconds: Australian IT managers feel besieged by attackers

Nearly half of Australian IT managers believe their organisations are targeted for a security breach every week – with one in eight believing they had been attacked in the past 60 seconds – according to a customer survey conducted at the recent AusCERT conference on the Gold Coast.

The survey of more than 100 attendees, conducted by identity-management firm Centrify, asked the subjects about their biggest concerns for the next year and security topped the list, with 56 percent nominating security as a key issue.

Cloud computing was a close second, with 55 percent, while mobile applications and management came third with 21 percent.

Those figures corroborated previous accounts suggesting that security has this year become far and away the biggest priority for both business executives and IT managers.

That's hardly surprising news for Niall King, senior director of APAC sales with Centrify, who told CSO Australia that high-profile breaches – such as 2013's massive Target hack and the recent compromise of the US Office of Personnel Management – had finally brought security into the limelight.

“IT managers all over the world want to make data and applications more open and usable, but they are also concerned about security,” he explained. “These challenges seem to be consistent across geographies – but we only hear about them when there is someone famous involved.”

Fully 83 percent of surveyed IT managers were as concerned or more concerned about security breaches at their organisations than they were a year ago. Only 5 percent were less concerned than a year ago.

Little wonder: while the survey revealed a heightened sense of concern about security exposure, fully 13 percent believed their organisation had been attacked within the last 60 seconds – supporting the narrative that attacks are an ongoing and unrelenting issue for IT managers.

This shift in mentality had been echoed by a shift in approach to network security, according to King, who highlighted the growing role of better identity management in securing the challenging manual process of account management, which has regularly been exposed as one of the most regularly-compromised vectors in organisations today.

Read more: Australians report $136k lost to malware in June, $45m to all scammers this year: ACCC

Many had come to see identity as more important even than the actual data, since “with a user's identity you can get into everything,” King said. “Not just the intellectual property, but everything else within the company.”

Despite their power, accounts were often left with vestigial privileges as employees progress from one job role to another. Particularly in large organisations, pressured IT staff had found it hard to keep up with these changes, King said, and yet with the ongoing siege from hackers it was more important than ever that those privileges be kept in check.

With cloud services now added to the mix, the situation had become even worse, King added, since individual employees were frequently authenticating to the services without any involvement from the corporate identity framework.

Those companies need “a system to methodically go through and unify all of these identities into one set of credentials,” King explained. “Then you can have a back-end system that monitors what's going on between the cloud providers and applications, and you can very clearly monitor who is accessing what, and what they are doing.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber attacksAustralian IT managersCentrifyIT managersIT SecurityNiall Kingsecurity breachCSO AustraliaAusCERT conference

More about APACCentrifyCSOEnex TestLabTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place