Despite the common perception that Australian companies are mature in terms of their cybersecurity postures a recent Ecosystm study reveals the opposite.
As companies move more resources to the cloud, increase IoT usage, and employees increasingly work remotely, a new approach to cybersecurity is required. A recent study based on 204 interviews with Australian cybersecurity decision-makers conducted by Ecosystm, in partnership with Fastly, highlights the cybersecurity challenges faced by Australian companies, the inadequacy of their current controls, and their lack of cyber maturity.
Organisations continue to consider data breaches and data loss as their biggest cyber risk followed by endpoint compromise. Larger enterprises in Australia, however, consider nation state attacks to be the biggest risk.
Despite an awareness of the external and internal risks of highly centralised architecture, organisations in Australia are struggling to adapt to new, more decentralised IT architectures. As business logic moves from back-o!ce application servers to remote locations and devices, companies need visibility into their resources across dispersed locations and a much larger attack surface.
Cybersecurity skills shortages in Australia are forcing companies to embrace greater automation as security operations centres (SOCs) are increasingly unable to handle the number of alerts including false positives they receive that result in wasted time. This challenge is compounded by the large number of discrete cybersecurity tools used, many of which are not integrated, increasing the burden on practitioners.
Australian companies need to transform their cybersecurity postures starting with an assumption that corporate resources will be accessed from multiple locations and from multiple devices and that breaches will occur.
They need to augment existing controls with tools and processes that make it di!cult to cause significant damage when systems and networks are attacked. This requires assets to be continuously monitored and cybersecurity postures to evolve with changing threat and regulatory environments – all in a largely automated fashion.