The Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, which compares 11 countries and their cybersecurity standing, reveals that Australia is the nation most under attack with 90 per cent of Australian companies reporting they receive up to 5,000 threats a day. Of those, 33 per cent of Australian companies deal with 100,000 to 150,000 threats a day, while seven per cent are seeing more than 500,000 threats each day.
Each breach carries a large financial impact to businesses - with the cost of an attack in Australia ranking the most expensive in Asia Pacific region. Of those enterprises surveyed, 52 per cent claim breaches cost anywhere between $1 million to $5 million USD, while nine per cent claim the cost was more than $10 million USD. This includes costs from lost revenue, loss of customers, and out of pocket expenses caused by a cybersecurity breach.
Despite the financial impact of an attack, over two thirds (69 per cent) of respondents report experiencing cyber fatigue, admitting to have given up trying to stay ahead of malicious attackers. This is well above the worldwide figure of 46 per cent.
The findings show that more needs to be done to equip, educate and support businesses and security professionals across Australia against a cyberattack.
Speaking about the report, Steve Moros, Director of Cybersecurity at Cisco Australia and New Zealand, said: “The results of the study highlight both the scale and complexity of the challenge faced by Australian companies in the current cybersecurity landscape.”
“The stakes are at an all-time high for Australian businesses. The launch of the Notifiable Data Breaches scheme early this year, in which organisations have to report the breaches that happen, means that businesses not only risk financial loss but also reputational loss if a breach occurs,” said Mr Moros.
The study also highlights that the use of multiple vendors and products is making monitoring cybersecurity threats more complicated. Across the region, over half of surveyed organisations (72 per cent) work with more than 10 security vendors, while 12 per cent say they have more than 50 vendors in their businesses. This creates an added layer of complexity and increases vulnerability, as having different security products can lengthen the time to detect and contain a breach.
“In order to achieve best cyber practice, everyone from government to vendors, educational institutes to independent bodies, need to collaborate, share information and threat intelligence. When it comes to cyber security, businesses cannot afford to work in silos.
“Businesses need to raise awareness about the issue, have proper processes in place and deploy the right technologies to help identify, block or remediate against any malicious attacks. Finally, we need to develop local cybersecurity talent so that we have the skills to support the country’s digital drive in a sustainable manner. It’s not a problem that can be tackled in isolation but one we need to tackle as a country,” Mr Moros adds.
● Know when cyber-attacks occur and adopt next-generation endpoint protection.
● Understand the data to access timely, accurate threat intelligence data and processes that allow for data to be incorporated into security monitoring and investigating.
● Use easy, scalable tools and implement first line–of-defence tools that can scale, like cloud security platforms.
● Employ network segmentation to help reduce outbreak exposures
● Review and practice security response procedures regularly.
● Invest in skills and capabilities as education is key to understanding cybersecurity, and how to keep protected.
● Leverage your network assets to use your network as a sensor by using existing capabilities in your Infrastructure that forms your organisations' security architecture.
Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.
Cybersecurity Insights - Attack
No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?
Cybersecurity Insights - People
Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.