In response to escalating cyber threats highlighted in the Australian Cyber Security Strategy 2023-2030, research by industry leader Trellix has found a surge in cybersecurity job creation in 60% of Australian businesses.
Released today, 'Mind of the CISO: Behind the Breach' marks the latest effort by Trellix to unravel the complexities and challenges faced by businesses coping with the aftermath of cyber-attacks.
The research sought insights into the measures Chief Information Security Officers (CISOs) undertake subsequent to a cyber incident. As the frequency, sophistication, and speed of cyber-attacks continue to grow it is urgent that organizations elevate their security practices. Home Affairs Minister Clare O’Neil has noted this and specifically warned about the situation.
The findings from the study painted a worrying picture. Half of Australian businesses have had to pay damages to third parties following cyberattacks. Key negative impacts identified included data loss (47%), reputational damage (37%), and substantial strain on SecOps teams (30%).
The study highlights the vast array of attack vectors facing businesses, with the most common including data theft (53%), malware (40%), DDoS attacks (37%), and ransomware (23%). More worryingly, 40% of companies experienced supply chain breaches and insider threats were cited in 37% of major cybersecurity incidents.
Yet, within the grim reality of the cyber threat landscape, there appear glimmers of resilience. The research reveals how businesses adapt following an attack. After an attack, all Australian CISOs stated they received more support from the board.
Support came in the form of 43% adding contract services such as incident response or professional services, and 40% experienced an increase in budget for additional technology.
Alongside this, the unanimous agreement of surveyed CISOs was that the implementation of Extended Detection and Response (XDR) could have forestalled their major cybersecurity episodes. This underlines the potential impact of efficient and cutting-edge technology on the efficiency of SecOps teams and processes.
Luke Power, Managing Director Australia and New Zealand at Trellix, stated, "As threats evolve, it is encouraging to see that Australian businesses are doubling down on bringing in the right expertise to support security leaders in preventing major cyber incidents”.
Reflecting on the impact of cyber incidents, one Australian government agency CISO commented, "The biggest learning is the awareness had to be raised at the board level… unfortunately, it had to take an incident to do so."
The report also revealed the need for comprehensive improvements across people, processes, and technology. A third (33%) of Australian CISOs felt 'a complete overhaul' was necessary in their structures, policies, and ways of working to effectively mitigate risks and deal with threats in real-time.
The research conducted by Trellix is part of its broader 'Mind of the CISO' initiative, aimed at enhancing awareness and support for Chief Information Security Officers.