iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Australian businesses are unable to ward off 42 per cent of cyber attacks, according to a new study, highlighting the need for organisations to prioritise preventative measures rather than reactive cyber security.
After surveying 825 IT and cyber security professionals globally, including 100 Aussies, research conducted by exposure management company Tenable has found that within the past two years, just over half (58 per cent) of cyber attacks are successfully defended against.
Additionally, 56 per cent of survey respondents revealed that their security staff spend their time addressing incidents and don’t have the time to develop a proactive security system.
Additionally, however, three in four (75 per cent) respondents believe that proactive security would be better for their business.
Tenable also found that internal company issues also slow down security staff and make it more difficult to keep cyber criminals at bay.
One key roadblock is the number of sophisticated tools staff are expected to manage and use to thwart threat actors.
“Siloed cyber security tools, and by extension, the teams behind them, are inadvertently preventing organisations from having a clear, continuous and comprehensive view of their cyber risk,” said country manager for Tenable ANZ, Scott McKinnel.
“Internal mindsets further complicate matters and make collaboration between IT and security teams challenging.
“The findings show that 48 per cent believe coordination between these teams is difficult, while 62 per cent highlight IT is more concerned with system uptime over patching and remediation.”
There has been a push by the Australian government to shift reliance away from third-party software tools and tech providers due to the additional security risk. Already just in the last two years, we have seen a plethora of third-party supply chain attacks leading to breaches in both government and big business, such as with the MOVEit breach.
The concern surrounding the high reliance on third-party software is very real, with Tenable finding that a massive 65 per cent of organisations use third-party tools, but only 46 per cent “have high and very high visibility into third-party environments”.
McKinnel said there is much to be learnt from the security discrepancies between high-maturity and low-maturity organisations, with the research concluding three key themes.
“Low-maturity organisations are more likely to be stuck in reactive mode. In the past 12–24 months, high-maturity organisations preventively defended against 61 per cent of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56 per cent of attacks were preventively defended, while 44 per cent were reactively mitigated.
“High-maturity organisations see the value in data aggregation: 57 per cent use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46 per cent of low-maturity organisations.
“High-maturity organisations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57 per cent of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72 per cent of low-maturity organisations,” McKinnel said.
Be the first to hear the latest developments in the cyber industry.
