Aussie orgs facing regular security incidents

Nearly one in three (29%) Australian businesses have suffered more than three cybersecurity incidents in the last 12 months, according to new research from Content Security.

A survey of IT security professionals, conducted by the Australian IT security integration and consulting company at last month’s CLOUDSEC 2018, in Sydney, found that a further 12% of companies did not even know if their security had been breached in the past year.

But there are also encouraging signs that Australian businesses are actively working to improve their security posture, including through regular cybersecurity training and education.

According to the survey, 46% of companies train their staff on security on a monthly or quarterly basis, with 35% training staff on an annual basis.

More than half (58%) of companies also plan to invest in vulnerability management capabilities in 2019, with 48% planning investments in cloud auditing and 49% in multifactor authentication security technologies.

The survey also found that despite regularly facing security incidents, 56% of Australian companies rate their ability to respond to cyber attacks as very mature.

Yet only 13% of organisations are aligning their security risk mitigation strategies with the Australian Signals Directorate's recommended Essential 8 cybersecurity maturity model, and only 41% are aligning to requirements in the Notifiable Data Breach scheme.

“An organisation’s success in defending against an attack is largely dependent on its level of preparation and the tools it deploys to monitor systems and detect, shut down and contain suspicious activity,” Content Security CEO and co-founder Louis Abdilla said.

“It’s encouraging to see that Australian organisations are preparing for the very real possibility of an attack, but every individual needs to be responsible for aspects of personal security such as changing compromised passwords.”

Image credit: ©James Thew/Dollar Photo Club