sb-nz logo
Story image

Attack volumes, breach levels and security investment all rise in Australia

14 Jul 2020

A massive majority of CIOs, CTOs and CISOs in Australia have reported an increase in cyber-attack volume and breaches in the last 12 months.

94% of 250 high-level executives around Australia surveyed in a report released today from VMware have noticed a surge in attack volume, which has, in turn, prompted increased investment in cyber-defence.

Additionally, 96% of respondents acknowledged that their business suffered a security breach of some kind within the last year, with the average organisation suffering two breaches during that time period.

88% of Australian executives believe cyber-attacks have become more sophisticated, while a huge 96% plan on increasing cybersecurity budgets in response to this.

In fact, many organisations have already begun sizeable investments into security infrastructures – according to the report, an average of more than seven different tools are used by Australian businesses to bolster cyber-defence.

“Siloed, hard-to-manage environments hand the advantage to attackers from the start,” says VMware Carbon Black cybersecurity strategist Rick McElroy.

“Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment. 

“As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.”

The report also found that OS vulnerabilities and third-party applications were the leading causes of breaches, both with 18% respectively, followed by web application attacks.

The method of attack known as island-hopping was identified as a notable cause of breaches at 11%, despite only being cited by 4% of respondents as the most common attack type experienced. McElroy says this is because attack vectors in the supply chain prove an easy target for hackers.

“Island-hopping is having an increasing breach impact with 11% of our survey respondents citing it as a main cause of breaches,” he says.

“In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure.”    

The VMware report also drew a direct link between a worldwide increase in cyber-attack volume and the COVID-19 pandemic.

In a separate survey which quizzed global respondents from the US, UK, Singapore and Italy, 91% of cybersecurity professionals said attack volumes have increased as more employees work from home, while 92% said their organisations have experienced cyber-attacks linked to COVID-19 malware.

“These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation,” says McElroy.

“The 2020 survey results suggest that security teams must be working in tandem with business leaders to shift the balance of power from attackers to defenders. 

“We must also collaborate with IT teams and work to remove the complexity that’s weighing down the current model,” he adds.

“By building security intrinsically into the fabric of the enterprise – across applications, clouds and devices – teams can significantly reduce the attack surface, gain greater visibility into threats, and understand where security vulnerabilities exist.”

Story image
Advanced Security buys local electronic security integrator
Advanced Security Group has added another company to its portfolio – this time it’s South Island-based electronic security integrator VIP Security.More
Story image
Machine identities increasingly exploited, new research finds
Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.More
Link image
The dos and don'ts of protecting a remote workforce
This exclusive monthly webcast series explores all of the possible security pitfalls of working remotely, and the best solutions to use to avoid falling victim to them.More
Story image
Securing the enterprise network with Fortinet: Perimeter, core and edges
Jon McGettigan, Fortinet A/NZ Regional Director, discusses ‘core and edge’ network topology and explains why only fully-integrated security services can offer comprehensive protection.More
Story image
Tanium and Google Cloud bring greater security to distributed IT
“This joint solution with Chronicle gives Tanium customers access to massively scalable analytics and investigation capabilities far beyond that of other endpoint detection and response point tools."More
Story image
Claroty and Check Point announce partnership to secure industrial control networks
The collaboration is based around an integration between Claroty’s Continuous Threat Detection (CTD) and Check Point’s recently released IoT Protect solution. More