IT Brief Australia - Technology news for CIOs & IT decision-makers
Supply chain attacks, ransomware leads to loss of trust in IT vendors
Thu, 9th Dec 2021

Increasing supply chain attacks, ransomware extortion demands and slower detection speeds are reducing trust in legacy IT vendors, according to CrowdStrike's 2021 Global Security Attitude Survey, conducted by independent research firm Vanson Bourne.

Recent attacks such as Sunburst and Kaseya have once again brought supply chain attacks to the fore, and the survey results echoed this, with almost half (49%) of Australian organisations experiencing a software supply chain attack within the last 12 months.

This is having a significant impact, with 55% of Australian organisations reportedly losing trust in a key supplier due to security concerns in the past 12 months.

In fact, 75% of Australian organisations were specifically losing trust in legacy IT vendors, such as Microsoft - more than any other country surveyed.

Yet many Australian organisations still aren't doing enough to protect themselves: just 44% have actively vetted suppliers in that same period.

Globally, respondents estimate it would take 146 hours (c. 6 days) to detect a cybersecurity incident, up from 117 hours in 2020.

Once detected, it takes organisations 11 hours to triage, investigate and understand a security incident, and 16 hours to contain and remediate one.

Australian organisations are tracking above average: 46% estimate they would be able to detect a cyber incident within a day, and 36% within an hour. However, 16% state that it would likely take their organisation more than a day to detect an attack.

CrowdStrike chief technology officer Michael Sentonas says, “The survey presents an alarming picture of the modern threat landscape, demonstrating that adversaries continue to exploit organisations around the world and circumvent outdated technologies.

"Today's threat environment is costing businesses around the world millions of dollars and causing additional fallout. The evolving remote workplace is surely accentuating challenges for businesses as legacy software like Microsoft struggles to keep up in today's accelerated digital world."

CrowdStrike encourages organisations to strive to meet the 1-10-60 rule - where security teams demonstrate the ability to detect threats within the first minute of an intrusion, investigate and understand the threat within 10 minutes, and contain and eradicate the threat within 60 minutes. Given that benchmark, local organisations still have a way to go.

This response time is particularly alarming in our remote-first world. Indeed, 80% of Australian respondents who have experienced a cybersecurity incident cited remote working as the direct cause in 2021, the researchers state.

The survey indicates that ransomware attacks are continuing to prove effective, with the average ransomware payment made by Australian organisations in 2021 at US$1.53 million (AUD$2.15 million).

In Australia, 67% of organisations reported suffering a ransomware attack in the past 12 months, while 79% say they would consider paying a ransom to recover encrypted data in the event of a software supply chain attack, the highest figure in APJ.

Alarmingly, 93% of Australian organisations who paid a ransom in the last 12 months have also been victims of re-extortion fees.

In the 2021 Threat Hunting Report, CrowdStrike's Falcon OverWatch reported that eCrime threat actors are able to move laterally across an organisation's network in an average of 92 minutes.

This paints a sharp contrast between the capabilities of today's swift attackers and defenders who are increasingly slowed down by high volumes of alerts and tools that lack integrated workflows.

Sentonas adds, “This presents a clear clarion call that businesses need to change the way they operate and evaluate more stringently the suppliers they work with.

"The threat landscape continues to evolve at a frightening pace and it's obvious that modern organisations need a cloud-native, holistic end-to-end platform approach to tackle and remediate threats in a swift manner.