The majority of breaches go undetected as the number of cyber attacks grows
As the world is becoming more connected, cyber-security has emerged as a major issue for businesses all over the world. With increasing cyber-crime rate, all types of organisations are regularly experiencing breaches that cause interrupted business operations, compromised customer data, and stolen intellectual property, among many other issues.
According to the new Telstra Security Report, in the last two years 55 percent of Australia businesses claimed that they were fined for being involved in a breach of new legislation. Also, two-thirds of businesses in the country experienced a security breach last year.
Key findings of the 2019 Telstra Security Report
The 2019 Telstra Security Report revealed that 65% of Australian businesses were interrupted by a cyber-security threat, and 89% of Australian companies estimate that breaches occurred but went unidentified. This number has risen by 12% since 2018.
Undetected cyber attacks by Australian businesses 2018. Source
The report also concludes that awareness and understanding of security importance have increased among Australians nationwide. Nearly 84 per cent of Australian business says that they will increase their security budgets, which currently averages over $900,000 annually. These businesses say they will increase their budget within the next 12 to 24 months to deal with security threats.
The report suggests that businesses now have better incident response plans prepared to tackle cyber-attacks. Of the respondents who have an incident response plan in place, many are reviewing their plans every month.
After the introduction of new regulations such as the European Union’s Global Data Protection Regulation and the Notifiable Data Breach Scheme in Australia, C-level and senior management have shown interest in security. The number of meetings with senior stakeholders on discussing security issues has considerably increased.
Human error is the primary risk factor
According to the Telstra Security Report 2019, human error is the primary source of threat to IT security. It is often caused by inappropriate and ineffective business processes. It also happens because employees often don’t understand or overlook the security policies of their organization.
Human error or targeted attacks on an employee were reported to be the highest risks to IT security by 36 per cent of respondents.
Cyber criminals make huge profits from ransomware. This highly pervasive threat encourages potential victims of ransomware to adopt better safety policies against such cyber attacks.
Ransomware incidents have remained about the same last year. Among Australian respondents who were interrupted by a cyber attack last year, 32 percent faced ransomware attacks on a weekly basis.
It can be a tricky situation to navigate, especially considering that paying the ransom doesn’t guarantee data retrieval. More than half of businesses in Australia have experienced ransomware attacks in the last year, and 77 percent of those who paid were able to retrieve their data, compared with 86 percent the year before. If attacked again, 79 per cent of them would pay the ransom again if there was no back-up of the impacted data.
Detecting data breaches
Timely detecting and efficient handling of cyber-attacks are still big challenges for Australian businesses. Nearly 19 percent of the surveyed respondents estimated that more than half of cyber-attacks impacting their company went undetected last year, despite 74 percent of businesses believing that they had strong security systems in place at the time incident occurred.
It is true that Australian businesses are faster at detecting these attacks than other nations. Still, 62 percent of the total local respondents that experienced an attack were able to detect a breach in minutes or hours, as compared to 50 percent worldwide. Businesses are still taking a considerably longer time to detect and address a breach.
The 2019 Telstra Security Report suggests that security will continue to be the top priority for Australian businesses, and companies will increase their investment in security of their data. They will introduce and adapt new compliance measures focused on the automation of processes and to demonstrate all important precautions in place.
Managing cyber and electronic security is a much broader landscape. The more connected devices, the broader the landscape becomes. The situation also introduces opportunities to use new technologies for better management of security risks.
This year’s report outlines general best practices for Australian businesses that they can consider as part of their overall security strategy. It includes having multi-layered defenses, regular architecture reviews, and ensuring educated and trained employees. While the number of breaches has increased, the technology and awareness needed to counteract the breaches is also improving in response. Still, while businesses can and should invest in top-level security measures, extra vigilance could be the only way to make sure that an attack doesn’t Australian businesses.