The Cisco 2018 Asia Pacific Security Capabilities Benchmark Study, which compares 11 countries and their cybersecurity standing, reveals that Australia is the nation most under attack with 90 per cent of Australian companies reporting they receive up to 5,000 threats a day. Of those, 33 per cent of Australian companies deal with 100,000 to 150,000 threats a day, while seven per cent are seeing more than 500,000 threats each day.
Each breach carries a large financial impact to businesses - with the cost of an attack in Australia ranking the most expensive in Asia Pacific region. Of those enterprises surveyed, 52 per cent claim breaches cost anywhere between $1 million to $5 million USD, while nine per cent claim the cost was more than $10 million USD. This includes costs from lost revenue, loss of customers, and out of pocket expenses caused by a cybersecurity breach.
Despite the financial impact of an attack, over two thirds (69 per cent) of respondents report experiencing cyber fatigue, admitting to have given up trying to stay ahead of malicious attackers. This is well above the worldwide figure of 46 per cent.
The findings show that more needs to be done to equip, educate and support businesses and security professionals across Australia against a cyberattack.
Speaking about the report, Steve Moros, Director of Cybersecurity at Cisco Australia and New Zealand, said: “The results of the study highlight both the scale and complexity of the challenge faced by Australian companies in the current cybersecurity landscape.”
“The stakes are at an all-time high for Australian businesses. The launch of the Notifiable Data Breaches scheme early this year, in which organisations have to report the breaches that happen, means that businesses not only risk financial loss but also reputational loss if a breach occurs,” said Mr Moros.
The study also highlights that the use of multiple vendors and products is making monitoring cybersecurity threats more complicated. Across the region, over half of surveyed organisations (72 per cent) work with more than 10 security vendors, while 12 per cent say they have more than 50 vendors in their businesses. This creates an added layer of complexity and increases vulnerability, as having different security products can lengthen the time to detect and contain a breach.
“In order to achieve best cyber practice, everyone from government to vendors, educational institutes to independent bodies, need to collaborate, share information and threat intelligence. When it comes to cyber security, businesses cannot afford to work in silos.
“Businesses need to raise awareness about the issue, have proper processes in place and deploy the right technologies to help identify, block or remediate against any malicious attacks. Finally, we need to develop local cybersecurity talent so that we have the skills to support the country’s digital drive in a sustainable manner. It’s not a problem that can be tackled in isolation but one we need to tackle as a country,” Mr Moros adds.
● Know when cyber-attacks occur and adopt next-generation endpoint protection.
● Understand the data to access timely, accurate threat intelligence data and processes that allow for data to be incorporated into security monitoring and investigating.
● Use easy, scalable tools and implement first line–of-defence tools that can scale, like cloud security platforms.
● Employ network segmentation to help reduce outbreak exposures
● Review and practice security response procedures regularly.
● Invest in skills and capabilities as education is key to understanding cybersecurity, and how to keep protected.
● Leverage your network assets to use your network as a sensor by using existing capabilities in your Infrastructure that forms your organisations' security architecture.
Tamara Baker was awarded the CSO Special Recognition award at the 2019 CSO Inaugural Women in Security Awards in September.
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.