Australian businesses largely expect to be affected by cyber attacks going forward, according to a new report.
Despite cyber risk levels declining from “elevated” to “moderate”, according to the Trend Micro Australian cyber risk index (CRI), 84 per cent of Australian organisations believe that it is “somewhat to very likely” that they will suffer a successful cyber attack.
In addition, 79 per cent of respondents said that it was just as likely that they would suffer a breach of customer data, while 80 per cent expected a breach of IP.
The pessimistic view of the cyber climate that Australian businesses have is, however, having a positive effect on cyber preparedness as organisations introduce new procedures to protect themselves from the increasing cyber threat.
“We saw the Australian cyber risk index (CRI) improve from -0.54 in 1H 2022 to -0.12 in 2H 2022. It means that organisations may be taking steps to improve their cyber preparedness,” said Trend Micro ANZ technical director Mick McCluney.
“There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control.”
CRI respondents reported that the top four threats they faced for the second half of 2022 were clickjacking, ransomware, crypto mining, and login attacks/credential theft.
In addition, respondents said that employees presented a major security challenge, making up two of their top five infrastructure concerns.
“As the shift to hybrid working gathers momentum, organisations are rightly concerned about the risk posed by negligent employees and the infrastructure used to support remote workers,” said Ponemon Institute chairman and founder Dr Larry Ponemon.
“They will need to focus not only on technology solutions but [also] people and processes to help mitigate these risks.”
For many organisations, insufficient employee awareness of the risks that cyber presents is the biggest security challenge they face in 2023.
According to a report from Mimecast, 43 per cent name employees being unaware of cyber threats as the biggest security challenge they face.
“Year on year, our research shows employees are a top concern for businesses when it comes to privacy, and eight out of 10 respondents (78 per cent) believe their company is at risk due to inadvertent data leaks by careless or negligent employees,” said Mimecast director of solutions engineering APAC Garrett O’Hara.
“Everyone is responsible for security, not just the IT department.
“Cyber risk is a massive business risk, so in order to get buy-in from the board, there needs to be a return to basics to make privacy and security relevant to everyone.”
A large portion of Mimecast respondents confirmed that they did indeed provide their staff with awareness training, with 77 per cent providing it at least once a quarter. However, this is down from 85 per cent the year prior. Furthermore, 23 per cent offer it once a year or less.
To further their cyber preparedness and improve employee cyber awareness, O’Hara said that organisations should strive to provide engaging and updated awareness training regularly and create an environment where staff feel comfortable expressing concerns.
Additionally, organisations should “turn threats and insights into hard data, and convert the data into a digestible, compelling narrative that can be presented to all members of the board, to ultimately achieve additional funding for cyber security”.