Australian firms lag in attack surface risk management tools

New research by Trend Micro has revealed a significant gap between the recognition of risks posed by attack surfaces and the implementation of specialised tools to manage those risks among Australian organisations.

The study, which surveyed over 2,000 cybersecurity leaders globally and included 100 respondents from Australia, found that 60% of Australian leaders have experienced security incidents as a result of unknown or unmanaged assets.

The proliferation of generative artificial intelligence (AI) systems and the increasing use of Internet of Things (IoT) devices both in offices and employees' homes have contributed to a rapid growth in the number and complexity of these assets.

According to the report, 87% of Australian respondents acknowledged that attack surface management is either directly or somewhat connected to their organisation's business risk.

The study also detailed the broader negative effects that can arise from inadequate risk management across exposed assets, extending beyond immediate security threats to include financial performance (45%), customer trust and brand reputation (42%), employee productivity (42%), operational continuity (38%), regulatory compliance and legal risks (36%), and market competitiveness (33%).

Despite this awareness, the research revealed that only 45% of Australian organisations utilise dedicated tools to proactively manage risk across their attack surface. Moreover, 38% of respondents noted that they do not have a continuous monitoring process in place, an essential component for early mitigation and containment of risk before it impacts operations.

Budget allocations also highlight the challenge, with just 23% of Australian organisations' cybersecurity budgets dedicated to managing attack surface risk. Nonetheless, 80% of those surveyed indicated that they believe their current resources are adequate for addressing these challenges.

Andrew Philp, ANZ Field Chief Information Security Officer at Trend Micro, commented on the findings: "As far back as 2022, organisations globally - including here in Australia - were becoming increasingly concerned that their cyber-attack surface was spiralling out of control. That concern is even more pressing today. Yet while many local organisations understand the impact this has on operational and reputational risk, there remains a concerning gap in proactive, continuous risk mitigation strategies. Managing cyber risk exposure must become a strategic priority for all Australian businesses."

The survey also found that artificial intelligence is an area of increasing importance in cybersecurity. Sixty-two percent of Australian respondents are currently leveraging AI-driven tools as part of their cybersecurity strategies, while a significant majority (84%) emphasised the importance of AI for predictive analytics and threat intelligence. Even so, 48% of participants indicated a need for further information and greater assurances before taking further action in adopting AI for these purposes.

The research highlighted that nearly two-thirds (61%) of Australian businesses do not actively monitor and manage their attack surface in real time. The study's release coincides with Trend Micro's World Tour 25, which will visit major Australian and Pacific cities including Sydney, Melbourne, Perth, Adelaide, Brisbane, Suva, Wellington and Auckland, bringing together cybersecurity professionals to discuss trends, adversary tactics, and security operations centre strategies.

Sapio Research conducted the survey on behalf of Trend Micro, interviewing 2,250 individuals responsible for IT or cybersecurity across different industries and organisation sizes in 21 countries in Europe, North America, and the Asia Pacific region.