itb-au logo
Story image

Threat alerts in Australia on the rise but majority are fake - Cisco

12 Nov 2019

The annual Cisco 2019 Asia Pacific Chief Information Security Officer (CISO) Benchmark Study, which compares 11 countries and their cybersecurity standing, reveals that data breaches are costing Australian businesses more than any other country.

The study which interviewed almost 2,000 security professionals, 209 of which were Australian CISOs, highlights that the majority of Australian organisations have suffered a breach which cost over one million dollars and had a significant impact to business.

Downtime is a detriment to profits and productivity

Longer downtime is one of the key factors identified in the study that is resulting in higher financial costs to businesses.

The study looked into the effect and costs of outages on Australian businesses and found that 75% of Australian organisations experienced an outage of 5-16 hours.

This is longer than the global average of 43%.

A massive 84% of Australian businesses also reported their most severe breach cost them over $1 million, higher than any other country in the APJC region of the report.

With the number of cyber threats increasing rapidly, the real challenge for Australian businesses is how they can best prepare and invest to fight the increase in daily alerts and prevent monetary loss.

False alerts impacting prevention productivity

69% of Australian organisations reported receiving more than 100,000 alerts every single day, more than double last year’s figure, and of these, the majority are being identified as false. Last year, 65% of investigated alerts were legitimate, now only 33% are, highlighting the increase of false alerts.

False alerts are also having a negative impact on fighting legitimate upcoming threats, with the number of real cybersecurity incidents that have been resolved down by 31%, from 69% that was recorded in 2018.

Australia’s increasing cybersecurity fatigue

The sheer number of incoming threats is having a drastic impact on Cybersecurity Fatigue, with the study finding that Australian businesses are experiencing a higher level of fatigue at 65% in comparison to the global average 30%.

Cybersecurity Fatigue is defined in the report as virtually having given up on proactively defending against threats due to the rapid evolution of attacks.

Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for companies.

In Asia Pacific, 25% of respondents have already experienced an attack on their operational infrastructure (versus 21% globally), and 73% expect this trend to increase in the next year (versus 64% globally).

Shortage of skilled professionals

Cybersecurity adoption is also highlighted as a key issue in the study.

Budget constraints were reported as the top obstacle for the first time (37%), followed by organisational culture/attitude about cybersecurity (32%) and competing priorities (30%).

Last year’s top challenges of certification (33%), organisational culture (30%) and competing priorities (28%).

However, Australia is making great strides when investing in people and teams rather than just technology.

They are relatively confident in their security tools’ ability to deal with adapting threats.

Commenting on the findings of the study, Cisco Australia and New Zealand’s cybersecurity director Steve Moros says, “Businesses are now facing challenges from all sides - it is a constant battle.

“Our report shows that data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks and in turn suffer cyber fatigue where they don't have the resources, either in people or time, to proactively protect their business.”

Moros adds, “It is clear that investing in people and skills is the best way forward to alleviate cyber fatigue and increase proactive cybersecurity, particularly around identifying false threats quickly to focus on the high-risk threats.

“There is no doubt that as we move into a more digital open playing field these threats will increase, but by investing in upskilling in cybersecurity and working with security partners we can all fortify our cybersecurity workforce for the better.”

“What we can see is that CISOs struggle with user behaviour and a Zero Trust approach can help minimise the impact of that. This helps organisations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network, and gain insight into users and devices, identify threats and maintain control across all connections in the network.”

“Another aspect is creating a cybersecurity resilience plan so all employees are aware of the risks, their role and how to react in a data breach,” he says.

“Finally, educating board members on what data breaches could look like, the monetary impact and also how the business can prepare and invest, will help to unlock further budget for investment into cybersecurity so the above can be achieved.”

Link image
On 10 December, find out how data centers will fare in the face of climate change
From pandemic disruption to the urgency to address climate change, data center development in Asia Pacific needs to remain resilient and sustainable. On 10 December, join this webinar to learn about viable solutions data center operators can use to overcome environmental challenges. Register now.More
Story image
Is the 'fast follower' mentality holding back anti-money laundering in Australia?
The decade-old rules-based systems cannot keep up with sophisticated cyberattacks and money laundering threats on their own, writes FICO financial crimes leader for APAC Timothy Choon.More
Link image
How to supercharge digital transformation with Azure training
Cloud computing is proliferating fast in New Zealand, but many organisations are being held back by limited knowledge. Power up your transformation with Auldhouse's Azure training classes.More
Story image
Talend certified for AWS Migration and Outposts
Recognises ability to enable migration to AWS and product integration to aid companies looking for a hybrid-cloud solution.More
Story image
Why automating the finance function is critical for future growth
As well as continually struggling with tedious workflows and manual processing, many finance professionals are still finding it a challenge to complete their month-end close. This is where software can help, writes BlackLine regional vice president for A/NZ Claudia Pirko.More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More