itb-au logo
Story image

Phishing leading cause of data breaches across Australia

Phishing attacks have been revealed as the primary cause of data breaches in Australia, with new research from Carbon Black reporting phishing attack-related breaches were highest in government and local authorities, followed by organisations in financial services and manufacturing and engineering.

Carbon Black's Australian Threat Report, in its second year, surveyed 250+ CIOs, CTOs and CISOs across Australia. 

The report found 97% of Australian organisations reported suffering a data breach during the past 12 months, while 90% of Australian organisations reported an increase in overall attack volume in the past 12 months.

According to the research, 89% of Australian organisations said cyberattacks have grown more sophisticated. Moreover, 98% of Australian organisations said they have IT security concerns around digital transformation projects and 5G network rollout.

Eight six percent of Australian organisations said they are more confident in their ability to repel cyberattacks than they were 12 months ago, and 93% of Australian organisations said threat hunting has improved their defenses.

The report also says 96% of Australian organisations said they plan to increase their security budgets over the next year.

“As we analyse the findings of our second Australian Threat Report, it appears organisations are adjusting to the ‘new normal’ of sustained and sophisticated cyberattacks," says Rick McElroy, head of security strategy, Carbon Black.

"Greater awareness of external threats and compliance risks have also prompted organisations to become more proactive about managing cyber risks as they witness the financial and reputational impacts that breaches entail," he says.

Phishing attacks were found to be the prime cause of breaches in Australia, at 27%. McElroy says this indicates hackers are targeting the weakest link in the security chain – end users.

The report found phishing attack-related breaches were highest in government and local authorities at 44%, followed by organisations in financial services at 25% and manufacturing and engineering at 24.5%.

The report found that 56.5% of Australian organisations surveyed noted a degree of financial damage associated with breaches, with 17% saying the damage was severe. 

Seventy five percent of respondents said they suffered damage to their corporate reputation. Reputational impact was felt most keenly in the government and local authority sector, with 44% reporting severe damage, just ahead of the utilities sector where 43% suffered severe fallout.

According to the report, defender confidence is on the rise. Participating Australian organisations reported feeling more confident (86%) in their ability to repel cyberattacks than they did 12 months ago, with 43% of respondents said they feel a little more confident and 43% feel a lot more confident.

“As the cyber defence sector continues to mature, organisations are becoming more aware of the tools at their disposal and the tactics they can use to combat cyberattacks," McElroy says.

"We believe this growing confidence is indicative of a power shift in favour of defenders, who are taking a more proactive approach to hunting out and neutralising threats than previously," he explains.

This is underlined by the 93% of Australian organisations surveyed who reported seeing their defence strengthened through threat hunting and 86% who found evidence of malicious cyberattack activity during hunting exercises. 

Recognition of cybersecurity investment benefits is further supported by the fact that 96% of Australian organisations surveyed said they planned to increase cybersecurity budgets in the next 12 months.

The research also highlighted concern about digital transformation, 5G rollout and cyber skills shortages.

Asked about the security around the implementation and management of digital transformation programs and 5G rollout, only 2% of Australian respondents said they had no concerns, while 49% predicted it would offer more effective and destructive methods of cyberattacks.

Story image
Schneider brings AI to fight against energy consumption
The investment into adding AI-assisted advising to its energy and sustainability services aims to promote efficiency and a total reduction of clients’ emissions.More
Story image
How process automation can help in a COVID-19 world
Where cumbersome manual steps have done the job in the past, many are finding they don’t easily translate to a world of remote working. As a result, organisations are increasingly coming to the conclusion that significant changes need to be made.More
Story image
2talk provides SIP services that put your business in charge
2talk is a provider that is committed to providing solutions to small and medium enterprises in Australia and New Zealand.More
Story image
Accenture invests US$3 billion into cloud migration initiative
Accenture Cloud First is a new multi-service group of 70,000 cloud professionals that brings together Accenture’s industry, technology capabilities and ecosystem partnerships.More
Story image
IBM, Alphabet and well-funded startups in the race for quantum supremacy
"It may not come as a surprise that quantum computing one day replaces artificial intelligence as the mainstream technology to help industries tackle problems they never would have attempted to solve before.”More
Story image
Gartner: By 2023, 65% of the world will have personal data covered under modern privacy regulations
“Security and risk management (SRM) leaders need to help their organisation adapt their personal data handling practices without exposing the business to loss."More