The Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, which compares 11 countries and their cybersecurity standing, reveals that Australia is the nation most under attack with 90 per cent of Australian companies reporting they receive up to 5,000 threats a day. Of those, 33 per cent of Australian companies deal with 100,000 to 150,000 threats a day, while seven per cent are seeing more than 500,000 threats each day.
Each breach carries a large financial impact to businesses - with the cost of an attack in Australia ranking the most expensive in Asia Pacific region. Of those enterprises surveyed, 52 per cent claim breaches cost anywhere between $1 million to $5 million USD, while nine per cent claim the cost was more than $10 million USD. This includes costs from lost revenue, loss of customers, and out of pocket expenses caused by a cybersecurity breach.
Despite the financial impact of an attack, over two thirds (69 per cent) of respondents report experiencing cyber fatigue, admitting to have given up trying to stay ahead of malicious attackers. This is well above the worldwide figure of 46 per cent.
The findings show that more needs to be done to equip, educate and support businesses and security professionals across Australia against a cyberattack.
Speaking about the report, Steve Moros, Director of Cybersecurity at Cisco Australia and New Zealand, said: “The results of the study highlight both the scale and complexity of the challenge faced by Australian companies in the current cybersecurity landscape.”
“The stakes are at an all-time high for Australian businesses. The launch of the Notifiable Data Breaches scheme early this year, in which organisations have to report the breaches that happen, means that businesses not only risk financial loss but also reputational loss if a breach occurs,” said Mr Moros.
The study also highlights that the use of multiple vendors and products is making monitoring cybersecurity threats more complicated. Across the region, over half of surveyed organisations (72 per cent) work with more than 10 security vendors, while 12 per cent say they have more than 50 vendors in their businesses. This creates an added layer of complexity and increases vulnerability, as having different security products can lengthen the time to detect and contain a breach.
“In order to achieve best cyber practice, everyone from government to vendors, educational institutes to independent bodies, need to collaborate, share information and threat intelligence. When it comes to cyber security, businesses cannot afford to work in silos.
“Businesses need to raise awareness about the issue, have proper processes in place and deploy the right technologies to help identify, block or remediate against any malicious attacks. Finally, we need to develop local cybersecurity talent so that we have the skills to support the country’s digital drive in a sustainable manner. It’s not a problem that can be tackled in isolation but one we need to tackle as a country,” Mr Moros adds.
● Know when cyber-attacks occur and adopt next-generation endpoint protection.
● Understand the data to access timely, accurate threat intelligence data and processes that allow for data to be incorporated into security monitoring and investigating.
● Use easy, scalable tools and implement first line–of-defence tools that can scale, like cloud security platforms.
● Employ network segmentation to help reduce outbreak exposures
● Review and practice security response procedures regularly.
● Invest in skills and capabilities as education is key to understanding cybersecurity, and how to keep protected.
● Leverage your network assets to use your network as a sensor by using existing capabilities in your Infrastructure that forms your organisations' security architecture.
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.
According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities