SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Australian & NZ firms hit hard by cybersecurity breaches
Thu, 9th Nov 2023

New research conducted by asset intelligence cybersecurity company, Armis, with the commission of Vanson Bourne, revealed that 74% of organisations in Australia and New Zealand (ANZ) had suffered a data breach in the past year as part of a cyberattack, with 41% experiencing multiple breaches. The most common ensuing consequences were financial loss at 42% and 41% operational downtime.

The research pointed out that Cybersecurity and IT decision makers in these regions on average use a combination of 13 different asset management tools and data from 10 different threat intelligence sources, an effort aimed at improving the lack of oversight of their operating environment. Armis noted that, on average, only 57% of assets connected to an organisation’s network are monitored, leaving a significant 43% unmonitored, demonstrating the challenge faced in prioritising and effectively directing proactive and reactive cybersecurity efforts.

Curtis Simpson, CISO at Armis, stated, “In the wake of significant cyber attacks across the region, the public and private sectors are taking rigorous steps to optimise around cyber resilience.” Simpson stressed the importance of understanding how technical assets relate to business systems and strategies which ultimately allows for greater resilience and the enhanced protection of an organisation’s overall attack surface.

The research showed that organisations struggle with limited actionable threat intelligence and disjointed threat intelligence sources, hindering their vulnerability prioritisation and remediation efforts. Moreover, businesses in ANZ have automated or orchestrated only 49% to 53% of their processes related to threat intelligence, leaving a substantial portion of work to be done manually. Adding to the challenge, only 55% of the information gathered from threat intelligence sources is actionable, with 19% of organisations reporting feeling overwhelmed by cyber threat information. High-risk vulnerability identification and remediation topped the list of cybersecurity priorities for the next year among survey respondents.

A growing concern with unmonitored company assets and lack of oversight into employee-owned devices, has exposed company environments to potential security breaches. Armis discovered that only 57% of over 57,000 physical and virtual assets connected to the company networks are monitored on an average business day, leaving many unmonitored. The problem escalates as employees increasingly bring their own devices into the business environment. More than half (55%) of ANZ organisations reported lacking complete control over these devices, with further complications due to lax enforcement of BYOD policies.

“The threat landscape is constantly evolving, affected by global trends such as the explosion of connected devices and remote work models," commented Jeroen Nooijen, Regional Vice President, EMEA and APJ, Armis. He concluded that organisations need to be proactive in their security strategy, seeing, securing, and managing their environment on an ongoing basis to protect their most critical systems and assets. This holistic approach has been proven to be effective against the rising cyber threats.