AU businesses training staff on cybersecurity, but more needs to be done – survey

17 Sep 2018

Almost one in three (29%) Australian businesses have suffered more than three cybersecurity incidents in the past 12 months, while more than one in ten (12%) companies simply don’t know if their security defences have been breached in the past year.

That’s according to a survey of IT security professionals conducted by Content Security, an Australian IT security integration and consulting company.

While any security breach can be both damaging and expensive, the survey also found that Australian businesses are making a determined effort when it comes to cybersecurity training and education.

Forty-six percent of companies train their staff on security either on a monthly or quarterly basis while just over one in three (35%) train staff on an annual basis.

Content Security CEO and co-founder Louis Abdilla says, “An organisation’s success in defending against an attack is largely dependent on its level of preparation and the tools it deploys to monitor systems and detect, shut down and contain suspicious activity.

“It's encouraging to see that Australian organisations are preparing for the very real possibility of an attack but every individual needs to be responsible for aspects of personal security such as changing compromised passwords.  

“Security awareness training is now a key component of security strategy, with the survey suggesting that organisations have now recognised that security is now a business-wide issue and non-technical end-users need to be educated,” Abdilla says.

The survey found that 36% of companies review their cybersecurity strategy and incident response plan quarterly, 21% biannually and 39% annually.
 
Additional survey findings include:

  • More than half of all companies (56%) rate their ability to defend against cyber attacks as being very mature.
  • 41% of organisations are aligning to requirements for compliance with the Notifiable Data Breaches scheme and 30% of organisations are aligning with GDPR compliance.

“At the end of the day, most companies will be breached if an attacker really wants access to that company.

“You can still come out of a breach in a pretty good spot if you’ve been diligent about your IT and security controls, including the implementation of monitoring, detection, and response capabilities that can help minimise the impact of the breach and stamp down any thoughts of negligence and if you’ve handled the post-incident breach work well and in accordance with legal regulation and ethical principles. 
 
“All of this is predicated on having an incident response and breach notification plan in place prior to being breached. The last thing you want to do is go into an incident ill-prepared, without a plan, and figuring things out while in the middle of the incident,” says Abdilla.
 
Moving into 2019, the survey found that more than half of all companies (58%) will invest in vulnerability management, 48% in cloud auditing and 49% in multi-factor authentication security solutions.  

More than one in three (37%) also see CASB as a critical technology for investment while 36% of organisations will also focus on SIEM solution deployments.
 
“Ultimately, companies must practice good IT and security hygiene, including patching systems and applications, updating and modernising systems and applications, controlling access to only those that need access, validating identities, and encrypting or applying other safeguards to critical business systems and data,” says Abdilla.

“They also must implement stringent monitoring and alerting mechanisms as compensating controls for when or if an attacker breaks through their defences. The amount of IT and cybersecurity control you wrap around something should be equivalent to the value of what you are trying to protect.”
