Why are cybersecurity investments failing?
Most companies appear to have got through the Covid-19 crisis without being crippled by cyber-attacks or massive data breaches - or so it may appear anyway.
The shift to remote working was expected to be an irresistible honeypot to hackers and scammers as employees moved off trusted networks and onto home devices more susceptible to malware.
That may well have proven the case and the security software firms have certainly detected an uptick in hacking and phishing attacks. In a crafty new approach that accompanied the rise of home-based video conferencing, hackers registered domain names posing as Zoom, Google Meet and Microsoft Teams URLs.
With all of us receiving a flurry of conference call requests, it is likely that more than a few of us clicked on a dodgy link and were exposed to malware or tricked into parting with personal information as a result.
While Covid-19 didn't spark a cyber meltdown, there are signs that companies were really struggling with cybersecurity even before the world changed with the global lockdown.
New global research from consulting firm Accenture, based on the surveying of security executives, found that 80 per cent of Australian companies believe that their "cybersecurity investments are failing". Those companies also reported an increase in breaches of 50 per cent in Australia between 2018 and 2019.
Company IT and security managers paint a picture of spiralling costs and a constant battle to keep up with threats. Nearly half of Australian companies reported increased spending on cybersecurity in the last two years, with 11 per cent reporting a cost increase of over 25 per cent.
The threat vectors are clearly expanding, but increased effort doesn't appear to equate to greater cybersecurity. Of the 373 Aussie security executives surveyed, less than half said they are "actively protected by their security programs" and over 90 per cent of breaches in their companies lasted more than 24 hours.
So what's going on?
According to Accenture, companies are doing the basics reasonably well. In the global survey of over 4,644 security executives, Accenture found that direct attacks on companies and security breaches are actually down on the previous year.
Still, many see the escalating spend on cybersecurity as unsustainable.
A better approach is needed or cybersecurity is going to become a millstone around companies' necks.
So what's the answer?
Look to the leaders. Accenture's research identifies a group of companies that it considers "cybersecurity" leaders.
They move fast when it comes to detecting and addressing cybersecurity threats, choose "turbocharging technologies" to help them do that, focus on value from investments, scale-up changes through the organisation and have a strong focus on training.
What are those turbocharging technologies? Survey respondents picked AI (artificial intelligence) as the key technology enabling better cybersecurity measures, with Security Orchestration Automation and Response (SOAR), next-generation firewalls and privileged access management ranking the highest.
Here's the bottom line
For leaders, 1 in 27 attacks leads to a security breach, for non-leaders, 1 in 8 attacks leads to a breach.
"Using threat intelligence and more strategic approaches to cybersecurity can help Australian organisations stay protected and better equipped to respond effectively when the enemy strikes," says Joseph Failla, Security Lead, Accenture Australia and New Zealand, commenting on the research.
"By becoming more resilient and agile, businesses will be able to grow confidently through this turbulent time."
The results are likely to be similar for New Zealand. Finally, there was also a warning call issued by Accenture about the threats that come from your partner ecosystem and supply chain. You are likely to be sharing data and often infrastructure with other companies and individuals. Only 60 per cent of an organisation's "business ecosystem" is protected by their cybersecurity programs, according to Accenture.
"That is an issue when 40 percent of breaches come via this route. In such an environment, few organizations have the luxury of standing still," Accenture warns.
"Fully 83 percent of our respondents agreed that their organizations need to think beyond securing their enterprises and take steps to secure their ecosystems to be effective."
Download the Accenture report Lessons from leaders to master cybersecurity execution.
You must be logged in in order to post comments. Log In