IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Advanced Persistent Threat Protection
#
AI
#
Breach Prevention

Protecting against the cost and impact of cyber crime

Wed, 31st Jul 2024
By Matt Caffrey, Senior Solutions Architect, Barracuda

Cyberattacks are costly. Not just in terms of direct financial losses, such as a ransom payment or a fraudulent money transfer resulting from an email scam, but also through operational disruption, productivity loss, damage to brand reputation and customer trust, and through the resources required to fix and recover from the attack. 

Recent research among IT security professionals found that just under half (47%) the Australian organisations surveyed were hit with one or more cyberattacks in the last year, and the average annual cost of dealing with these incidents came to more than $AUD 4.1 million.

This high number is not surprising if you look at how cyberthreats are evolving – over half of Australian respondents said attacks had become more sophisticated (58%) and more severe (52%) over the last year, taking longer to recover from and fix.

Here we’ll examine the factors behind these costs and how organisations can best harden their defences to mitigate the expense and impact of an attack.

The costs of a breach
Easy access to criminal tools for hire, coupled with the growing ability to automate and scale attacks, for example through generative AI, is bringing cybercrime within reach of a wider pool of attackers, including those with limited skills and resources. 

Our research discovered that for Australian respondents the average yearly cost associated with the theft of IT assets, damage to infrastructure, incident investigation and remediation activity stood at just over $AUD 2.6 million. System downtime and the resulting lost productivity and operational disruption added another $AUD 1.5 million. These sums are compounded by longer term issues such as the loss of customer trust and potential regulatory and legal issues. 

The technical and organisational barriers to effective security 
The research highlights some of the top challenges that make it harder for organisations to protect their assets and employees against cyberattacks and their impact.

The list is headed by the difficulty of implementing uniform security policies and programmes across the business. These policies are often business critical, including authentication measures and access controls, areas where any gaps will be quickly exploited by cyber attackers looking to steal credentials, compromise accounts and gain access to the network.

Also near the top of the list of what’s keeping security teams awake at night is the lack of visibility into the network and applications, together with difficulty in securing the supply chain and not having a complete inventory of third parties with access to sensitive and confidential data.

While 90% of Australian organisations have an incident response plan in place, a quarter of respondents said the plan is not applied consistently across the organisation. One in 10 admitted that they don’t currently have an incident response plan. 

The absence of a plan, or an untested plan can limit an organisation’s ability to act swiftly and effectively in the event of an incident. Any delay or confusion in response not only hampers mitigation efforts but can also amplify the damage caused by the breach. 

As cyber criminals start to harness AI tools and technologies, security teams face rapidly evolving challenges in defending against attacks.  Although 81% of Australian respondents feel confident that they understand generative AI, up to a quarter, don’t know if their IT infrastructure is equipped to handle automated security attacks launched using generative AI (25%) or whether they would have to find new ways to protect the organisation (19%). 

Fortunately, there is a lot that organisations can do to harden their security against these emerging threats.

Learning from best practice
The research looked at the security strategies of those organisations that had a highly effective security posture, defined as the ability to address cyber risk, vulnerabilities and attacks.

These ‘High Performer’ organisations are the most likely to say that the risk level is increasing, and that attacks are becoming more sophisticated and severe. They are, however, also more likely to say they have the security resources and investment they need.

Further, these high-performing organisations are likely to have company-wide and tested incident response plans in place and to understand the need to adapt to the risk of AI-powered threats. 

Prioritising investment to secure the future 
Attackers are learning how to leverage AI-powered tools such as generative AI to increase their efficiency, automate their activity and boost the chances of success. 

Future-proofing security investments requires a commitment to ongoing employee awareness training, innovation, and strategic planning. As cyber threats become increasingly sophisticated, so must the defences organisations deploy. Embracing this challenge head-on, with a clear understanding of the financial stakes and a strategic investment approach, businesses can safeguard their future in an uncertain digital age.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Cloudera launches new data security service amid breach surge
Tecala joins Netskope MSP Program for enhanced cloud security
SAP SuccessFactors HR CONNECT 2024: An Exploration of AI and HR Innovation
Cohesity & CrowdStrike expand partnership for advanced cybersecurity
The one BYOD security solution every enterprise needs (but isn’t using)
Top stories
Titans of Tech - Kip Compton of Fastly
Cloudera makes waves in ANZ with hybrid data approach
Cloudera’s AI play is all about data, leveraging a decade of experience
Versent to assist in navigating mandatory climate reporting
Access4 acquires Channel UC to boost cloud communications