Published on the 29/09/2021 | Written by Heather Wright
Local companies reveal true cost in breaches…
Companies are planning significant security upgrades to shore up defences increasingly at threat from remote work, with local companies revealing just how compromised their networks are in a new report.
The Forrester report, Beyond Boundaries: The Future of Cybersecurity in the New World of Work, shows 84 percent of Australian organisations believe enabling remote working has increased exposure to cyber risk. Only Saudi Arabian respondents were more convinced of the remote work impact, at 89 percent. (Sorry New Zealand, we weren’t included in the report, so there’s just the international stats for us.)
And it’s not a hypothetical threat, either, with 92 percent of Australian organisations reporting that they have experienced at least one business-impacting cyber attack in the past 12 months. Seventy percent have fallen victim to three or more and 29 percent of Australian organisations surveyed reported they had experienced five or more ‘business-impacting’ cyberattacks or compromises in the past 12 months.
Those ‘business-impacting’ attacks saw the loss of customer, employee or other confidential data; interruption of day-to-day operations, ransomware payout, financial loss or theft and/or the theft of intellectual property.
And remote work, and the systems put in place quickly in response to the pandemic, are firmly in the firing line when it comes to blame, with 73 percent of the Australian attacks targeting remote workers, and 70 percent resulting from vulnerabilities in systems put in place in response to the pandemic. That’s higher than the global average of 67 percent saying the attacks targeted remote workers, but lower on the system vulnerability side with 74 percent globally blaming vulnerabilities in systems put in place as a response to the pandemic.
Globally 92 percent of those surveyed reported their organisation had experienced at least one business-impacting attack or compromise within the last 12 months.
Security leaders, unable to see into the home environments of employees, were suddenly faced with increased threats as organisations’ singular attack surface expanded virtually overnight into a myriad of smaller and less-controlled attack surfaces, many lacking security controls.
Endpoint devices dependent on perimeter-based security were taken outside that perimeter while unmanaged devices proliferated, enabling a slew of new attack paths for hackers wanting to penetrate corporate networks.
While those threats could have been alleviated through stronger security measures to protect the extended perimeter, many companies were under pressure and focused on just maintaining operations and enabling staff to remain productive.
A recent report, Rebellions and Rejections, from HP Wolf Security (a division of HP Inc) showed 48 percent of Australian IT teams surveyed felt ‘significant pressure’ for security to take a backseat to business continuity during the pandemic.
There’s been plenty of talk about how the pandemic has accelerated the pace of technological adoption, with an uptick in cloud-based solutions, expanded software supply chains and the quick rollout of connectivity, collaboration and productivity tools.
And it’s not about to stop. The Australian results show business and security leaders plan to continue their focus on enhancing existing digital platforms (65 percent), moving non-critical business functions to the cloud (55 percent) and creating new digital platforms (57 percent).
Globally though, security is also in focus, with eight out of 10 security leaders saying they're planning on increasing their spend for network and data security. Roughly three-quarters plan to spend more on vulnerability management and cloud security, while endpoint security and credential/identity access management are also in for a budgetary boost, cited by 66 percent and 65 percent respectively.
Further exacerbating their concerns is the lack of security staff available to adequately monitor attack surfaces – just 29 percent of Australian organisations believe they have enough staff.
The HP Wolf report laid bare another security issue, revealing that younger workers aged 18-24 in particular are rebelling against security protocols, with apathy, a lack of concern for security and a lack of training also running high.
That report showed 48 percent of office workers in the 18-24 age bracket thought security policies were a hindrance, and 54 percent were more worried about deadlines than exposing the business to a data breach.