Aussies stuck in cybersecurity limbo

Results from CyberArk have revealed nearly two-thirds (64 per cent) of Australian business professionals have concerns that their organisations, and executives in particular, are the target of “carefully crafted attacks – like phishing attempts”.

This is according to the Global Advanced Threat Landscape Report 2018 that surveyed over 1,300 IT security professionals, developer operations and app development professionals, and business owners across seven countries.

However, despite the concern, nearly half (41 per cent) of Australian respondents in particular reported they didn’t have sufficient knowledge about security policies, and the same percentage stored their passwords in a document or company PC/laptop.

Additionally, 45 per cent of Australians felt their organisation couldn’t prevent all attacks to their internal network, and 42 per cent didn’t understand their specific role in the event of responding to a cyber attack.

The report also noted that half of global respondents said their organisations didn’t fully inform customers when their personal data was compromised in a breach.

“As we’ve seen in incidents at Yahoo!, Uber and more, companies have a tendency to downplay breaches either through complete non-disclosure of events, or by only partially disclosing the extent to which systems and data have been breached,” commented CyberArk regional director, Australia and New Zealand Matthew Brazier.

He also pointed to the Notifiable Data Breaches scheme, which introduces an obligation to notify individuals whose data was involved in a data breach, that comes into effect on February 2018, alongside fines for lack of compliance.

“If it continues, this approach will have tangible consequences in 2018,” Mr Brazier said.

“What’s concerning about CyberArk’s findings is that poor security practices continue to be upheld, despite the increased awareness of cyber security risks and the prevalence of high profile cyber attacks in the headlines.”

More than half (52 per cent) of global business leaders said they didn’t know what to do in the incidence of a cyber security breach, the report said.

“Perhaps this lack of overall understanding accounts for these seemingly counter-intuitive findings: 75 per cent of line of business owners say their CEO and/or board provides sound leadership for cyber security strategy,” the report said.

“Taken in tandem with the fact that 82 per cent of line of business owners say they are concerned about introducing an attack by (for instance) inadvertently clicking on a phishing mail, this may indicate that business leaders are confident in general about security but, when it gets to brass tacks, are unsure what to do in specific situations.”