IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Understanding the weight on security leader’s shoulders, and how to shift it

By Contributor
Fri 20 May 2022

Article by Vectra.ai APJ director of security engineering, Chris Fisher.

Millions of dollars of government funding and internal budgets are being funnelled into cybersecurity to build resilience against sophisticated threats, indicating how serious this issue has become.

The latest Australian federal budget includes an almost $9.9 billion package to improve the country’s cybersecurity and intelligence capabilities. In New Zealand, Gartner finds that 73% of CIOs expect cybersecurity to be their biggest technology investment in 2022.

Meanwhile, the number of threats continues to skyrocket. In 2021, 8,831 incidents were reported to CERT NZ, a 13% increase on 2020. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports. Across the ditch in Australia, over the 2020/21 financial year, the ACSC received more than 67,500 cybercrime reports, an increase of nearly 13% from the previous year.

When it comes to cybersecurity, threats have become more sophisticated and devastating to even large companies with sizable IT budgets. The commentary on the topic can be overwhelmingly negative and complicated.

In a bid to sift fact from fiction and provide actionable, tangible steps to creating a smarter security strategy, Vectra has released its A/NZ Security Leaders Research Report. This is part of a larger global study of 1,800 security decision-makers and focuses on uncovering how today’s organisations are tackling complex, modern cyber threats.

Uncovering the problems with security

According to Vectra research, the same digital transformation that is powering innovation has also dramatically expanded the attack surface. From the rapid proliferation of the cloud to the growing adoption of micro-services, DevOps and APIs, new pockets of opportunity are opening for cybercriminals to take advantage of.

To take an extreme example, in Australia, a report from the Australian Cyber Security Centre (ACSC) found that a quarter of cyber incidents reported to security officials within one-year targeted critical infrastructure, leading to potentially significant disruption in essential services, lost revenue and the potential of harm or loss of life. This trend follows suit in New Zealand, with the annual National Cyber Security Centre (NCSC) Threat Report showing there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15% increase on last year’s total. 

Breaches today can disrupt operations, damage supply chains, destroy customer trust and open companies to regulatory fines. Often cyber-attacks cost companies a huge amount, to the point that they may not recover. In fact, in 2021, global data breach costs rose from $3.86 million to $4.24 million, and ransomware attacks resulting in stolen data and lengthy operational outages can end up costing many times that. Some companies have reported losses in the millions. This evidence alone reveals why cybersecurity is now a board-level issue.  

Within this threat landscape, what has become abundantly clear is that the old ways of defending operations are no longer working. Whether through system exploitation, phishing, using stolen accounts, or bypassing multi-factor authentication (MFA), there’s always a way in, and once inside, attackers are masters at staying hidden. To adequately defend against threats, security leaders and teams must evolve.

Four key factors that will drive change

The Vectra report found that in Australia and New Zealand, the majority (85%) of respondents stated that they felt traditional approaches wouldn’t protect against modern threats, and only 40% were confident their security tools would protect them. More than half (58%) reported they’d purchased a security solution that failed at least once, 60% were worried their tools had missed something, and 57% felt it was possible or likely they’d been breached while being unaware of it.

These findings make it obvious that security leaders are thinking about security, are aware that they’re on the back foot, and are looking for a better approach. The report also uncovered four key changes that can benefit organisations within the cybersecurity space.

For a start, a shift in thinking is required. Often, culture and mindset can be put aside in place of a technology solution, but this isn’t good enough. Security leaders need to consider how they can reorient their approach to threats, understand that attackers have the means to infiltrate even the most robust perimeters, and how to build a strong foundation. This starts at an employee level, first with the leaders within the organisation and then right down to the latest hire. A strong company culture with a security-first mindset will do a lot to build a strategy that works.

Part of the shift in thinking understands that a prevention first approach will no longer be enough. Legacy tooling and thinking is an impediment in the new threat landscape. Even so, many organisations continue to over-invest in a doomed prevention strategy that fails silently, leaving them open to being breached. We must move into detection over prevention thinking and protect against attackers in the way they are actually operating, as opposed to how you may think they are.

Another key focus for security leaders is their relationship with c-suite management and the board. As the propensity and cost of breaches increase, these key stakeholders are waking up to the risks posed by cyber-attacks, but they are not the experts. Security leaders need to find more effective ways to communicate risk and educate on how best to mitigate these risks, and get crucial buy-in for their strategies.

Finally, the report found that legislation and guidelines offer a useful starting point for businesses, with guidance and regulations helping to ensure businesses have a base security layer within their organisation. Even so, greater industry involvement and experience can help to make regulation more effective and offer a clearer understanding of the threat landscape, so leaders can move into implementing effective detection and response plans.

Finding a way forward

Genuine resilience begins with the right attitude. Many cybersecurity professionals understand that they simply can’t rely on legacy prevention-based tools any longer, nor can they rely on government advice and outdated input from boards. 

By accepting this, CISOs can begin to create the right conditions for effective cyber risk management and stop breaches before they have a heavy impact. By doing so, organisations will be able to continue to evolve their culture and security strategy to protect against threats and win in their area of expertise.

Related stories
Top stories
Story image
Microsoft
Elders signs five-year agreement with Microsoft to boost innovation
Australian agribusiness Elders has signed a five-year agreement with Microsoft that looks to transform its customer experience, efficiency and sustainability outcomes.
Story image
Ransomware
Examining the future of ransomware threats with Vectra’s CTO
As customers' valuable data move to the cloud, so will ransomware. What is the current landscape and what do we need to know?
Story image
Apple
Your tools, your choice: why allow employees to choose their own devices?
Jamf Australia says giving your team the freedom to work with their digital device of choice could help to attract and retain top talent in a tight labour market.
Story image
AGVs
Bridgestone Australia uses Dematic's AGVs to optimise warehouse operations
Bridgestone Australia has deployed Dematic's Automated Guided Vehicle solution across its new Melbourne warehouse in Truganina.
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
Story image
ASI Solutions
Western Australia CUA panel picks ASI as preferred supplier
Western Australia's Common User Arrangement (CUA) panel has chosen ASI Solutions as a preferred supplier for device hardware.
Story image
Low-code
Appian unveils low-code certification program in Australia
Appian has announced a program to provide the next generation of low-code developers with access to education on the subject and certification to foster career opportunities.
Story image
Documentation
Adobe study finds lack of digital trust and utilisation in Australian Government agencies
New research commissioned by Adobe has revealed a significant lack of digital trust within Australian Government departments, along with the continued underutilisation of key digital processes.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Media
Registrations for the W.Media Sydney Cloud and Datacenter Convention 2022 now open
Are you a C-Level executive looking to enhance your knowledge in the cloud and data center space in order to get the best results for your company?
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Cloud
BT builds on Equinix partnership with new cloud offering
BT has launched a next-generation cloud connectivity offering extending its global network into strategic carrier-neutral facilities (CNFs) and building on its existing partnership with Equinix.
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Recruitment
Thales on recruitment hunt for next disruptive innovations
"Recruiting new talent is part of Thales's belief in the power of innovation and technological progress to build a safer, greener and more inclusive world."
Story image
CSG
To win at 5G, telcos must tame their quoting chaos
The catalogs of CSP (communication service providers) market offerings are set to explode as new digital services emerge, powered by B2B2X business models.
Story image
Adobe
Marketplacer and Adobe accelerate partnership for enhanced commerce solutions
Marketplacer has accelerated its partnership with Adobe in order to further enhance the global commerce marketplace.
Story image
Artificial Intelligence
Decision Inc. partners with provenio.ai to expand offering
Decision Inc. Australia has partnered with provenio.ai to expand its offering to clients in the retail, FMCG, manufacturing, supply chain and logistics sectors.
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Remote Working
RDP attacks on the rise, Kaspersky experts offer advice
"Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Storage
EXCLUSIVE: Finding the best data center for your business needs with datacenterHawk
Companies using cloud are consistently looking for the best storage solutions to suit their enterprise needs and often have to go through rather complex processes in order to find the right fit.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Artificial Intelligence
Salesforce announces new innovations for financial services
Salesforce has launched expanded financial services that offer more targeted and trusted automation to help teams unlock insights, deliver better customer service, and drive operational efficiencies.
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Story image
SaaS
Ping Identity appoints Deloitte Australia as a partner
Ping Identity has appointed Deloitte Australia as a Consulting Technology Partner, uniting its offerings with the company's consulting services.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
ABI Research
NaaS market expected to reach $150B by 2030 - research
"The market is immature and fragmented, but telco market revenue will exceed US$75 billion by 2030 if they act now and transform to align with requirements."
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Supply chain
Supply chains continue to be disrupted, enterprises embrace circular economy
“Businesses urgently need to find a solution that can help them to manage this disruption, and transition to a circular economy."
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
IDTechEx
The next stage for 5G in thermal materials - IDTechEx
IDTechEx says higher frequency deployments, such as mmWave devices and very different station types such as small cells, present their own technological evolution and, with it, thermal challenges. 
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Story image
Document Management
NZ's FileInvite raises $10M in latest investment round
FileInvite has raised $10 million in Series A investment to fast-forward the extinction of email for requesting and collecting documents online.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image