Mandiant, a provider of dynamic cyber defence, threat intelligence and incident response services, has released a report looking into how organisations navigate the increasingly complex threat landscape.
The "Global Perspectives on Threat Intelligence" report is based on a global survey of 1,350 cyber security decision-makers. The scale of the survey included participants across 13 countries and 18 sectors – including those in financial services, healthcare and government.
According to the report, 69% of Australian security professionals feel that their board still underestimates the threat of cyber-attacks, with only 27% of respondents across the APJ region feeling that their leadership team has an accurate view of the situation.
The worrying statistics paint a picture of how Australian tech teams feel their superiors are treating the very real threat of cyberattacks. This comes despite recent high-profile cyberattacks in recent times. However, it appears that leaders and board members are treating the situation as something that 'won't happen to them'.
Over the past 12 months, the APJ region has experienced more cyberattacks than any other region, with 39% of organisations reporting a significant security breach.
When looking overseas, the North American region had 23% of organisations report a cyberattack, with 32% of EMEA organisations reporting them. As for Australian organisations, 22% cited that they have suffered a severe breach over the past 12 months.
Cyberthreat intelligence teams in large Australian enterprises average around 13 employees. Of that number, an astounding 98% of them feel that their organisation needs to be faster when responding to new threats.
This is confusing, however, as all respondents in Australia reported that they were either 'very satisfied' or 'satisfied' with the quality of their threat intelligence.
The difference in perspectives between senior leadership teams and the boards they report to seems to suggest that board members feel a false sense of security about cyberthreats and intelligence.
When looking at the factors that limit a successful cyber program, there were two of importance. The ability to effectively apply threat intel across the organisation ranked first in Australia with 54%, followed closely by lack of talent with 49%.
The threats posed by rogue nation-states were also a primary concern to 7% of Australian organisations. While the threats posed by 'hacktivists' and financially motivated attacks are serious, 68% of Australian organisations were more worried about whether they are fully prepared to fight an espionage-style attack by a rogue nation.
Of the rogue nations that organisations are worried about, attacks from Russia and North Korea are the usual suspects, with 47% of Australian companies believing they are less likely to be able to defend themselves from an attack by Russian operatives and 45% of North Korean operatives.