Govt sector facing most security breaches
Australian government and local authority organisations have reported the highest number of average breaches of all Australian organisations over the last 12 months, research from VMWare indicates.
A survey of CIOs and CISOs conducted for VMWare’s Cybersecurity Threat Survey Report found that government bodies have on average experienced 2.54 breaches over the past 12 months.
Government authorities faced a particular problem with “island hopping breaches” involving cybercriminals exploiting the weaknesses in small organisations to laterally target larger ones.
This type of attack was involved in 15% of breaches targeting the government and local authority sector, compared to 11% overall.
“Island-hopping is having an increasing breach impact with 11% of our survey respondents citing it as a main cause of breaches. In combination with other third-party risks such as third-party apps and the supply chain, it’s clear the extended enterprise is under pressure,” VMWare Carbon Black Cyber Security Strategist Rick McElroy said.
But across all sectors, OS vulnerabilities and third-party application compromise were the most common cause of breaches, affecting 18% of respondents.
The research found that economy-wide, 94% of Australian organisations reported attack volumes increasing in the last 12 months, while 96% reported suffering a security breach in the last 12 months, with the average organisation experiencing two breaches during that time.
Meanwhile, 88% reported that attacks have become more sophisticated, with 16% stating they have become significantly more advanced, and 96% plan to increase cyber spending in the coming year.
The research also found that Australian organisations are using an average of seven different security technologies to manage their security program.
Meanwhile, nearly all (98%) respondents report having security concerns around 5G. But despite these challenges, opinion is split on the need for security spending. 43% say they will need to increase security spending and controls, while 55% won’t be focusing their budgetary increases on securing 5G.
Councils must formulate a policy on the use of video analytics early on to ensure that compliance...
A better incident reporting scheme would be one way of reinforcing Australia's cybersecurity...
We need more leadership and whole-of-government action to lift Australia's cybersecurity...