A new ranking may have placed Australia among the most technologically advanced nations in the world, but the relative immaturity of its cybersecurity efforts could present a dangerous exposure in the face of intensifying attacks such as those forecasted for the upcoming FIFA World Cup 2018.
The significant potential for Australia’s digital transformation was recognised in the recently released Economist Intelligence Unit’s Technological Readiness Ranking 2018-2022, which placed Australia alongside Singapore and Sweden as the countries most ready to harness the Internet, digital economy infrastructure, and openness to innovation.
Australia’s ascension into the top spot, with a score of 9.71875, reflected a strong jump progression from the 2013-2017 ranking, which saw Finland and Sweden in first place and Australia in equal third with a ranking of 9.15625.
The United States jumped from 11th place to 4th, which it shared with a declining Finland and equally ascendant France, Germany, Japan, and the Netherlands.
Online government was highlighted as a strength of Australia, which came in second behind the UK in the Online Service Index component of the UN’s E-Government Development Index, upon which the EIU draws to derive its rankings.
Asia-Pacific online government initiatives were driven largely by the desire to reduce corruption, the report found: “By reducing the number of interactions with officials and speeding up the decision-making process,” the authors wrote, “online services can help to cut down on corrupt practices, and this has been shown to be particularly effective in developing countries.”
“However, it is not a silver bullet: accurate record-keeping and a robust legal system are needed too.”
The EIU’s ranking also includes measures of cybersecurity preparedness, informed by the ITU’s Global Cyber-Security Index. This index identified a preparedness gap between countries like Taiwan (with a 1.0 rating), Singapore (0.925), the US (0.919), and Malaysia (0.893) with Australia ranking 0.824 – putting it on par with France and Canada, and slightly ahead of Russia, Norway, Egypt, and the UK.
Fighting the cybersecurity gap
The gap between Australia’s technological readiness, and its readiness to defend its digitally-transformed self, was apparent in the recent ServiceNow-Ponemon Institute State of Vulnerability Response survey, which included nearly 3000 security professionals worldwide and 220 in Australia and New Zealand.
Fully 52 percent of surveyed businesses had suffered a data breach in the last year and 48 percent of those admitted the breach was due to a known vulnerability – a widely-known attack vector that can leave even well-prepared organisations exposed for several days.
Respondents to the ServiceNow survey agreed, noting that the average window of time to patch has decreased by an average of 28 percent in the last two years. Yet of all surveyed countries, companies in Australia and New Zealand said they spend the second lowest amount of time monitoring systems for threats and vulnerabilities.
The reasons for the poor patching were evident, with 81 percent of respondents saying their organisations didn’t have sufficient staff to patch in a timely manner. Fully 64 percent of respondents said they were planning to hire an average of 3 staff members specifically to handle patching over the next 12 months – a one-third increase compared to today’s staffing levels.
Relying on increased staffing levels may seem like a good strategy, but it’s intrinsically limited by budget limitations and availability of staff in the market. And, with threat actors increasingly trying new forms of attack and stepping up the intensity and sophistication of their attacks, the maths are increasingly falling in the favour of the attackers.
As has been seen at this year’s Pyeongchang Winter Olympics, Commonwealth Games and other major events – and expected to be repeated in the upcoming FIFA World Cup 2018 in Russia – ongoing laxity of consumers’ computing habits poses a continuing threat for businesses with exposure to new vulnerabilities.
“Large-scale international sporting events such as the FIFA World Cup are major cyber-attack targets, even for ordinary individuals,” said Fortinet network and security strategist Gavin Chow in a statement where he warned fans to watch out where they view live coverage; be extra vigilant for phishing attacks; be sceptical of offers for discounted tickets or cheap merchandise; keep software updated; and avoid public Wi-Fi hotspots.
“Hackers know that in their excitement to watch the latest action or learn the latest scores,” he said. “computer users often forget common sense and neglect safe computing habits.”