A data breach can be the biggest kind of crisis a CIO will have to face, and according to new research from PwC, it’s one that more and more IT leaders will be facing this year, particularly here in Australia. Australia continues to punch well above its weight as a target for online attacks, displacing Brazil, the UK and Canada to become the world’s most targeted country. Household names David Jones, Kmart and Woolworths were each affected by security breaches in 2015. But these are just some of the cases that made the news – how vulnerable to cyber attacks is the average Australian organisation?
As threats continue to mount, understanding and managing cyber security risks has become top of mind for leaders in business and government. Just like their global counterparts, Australian organisations are responding by boosting their security budgets – already a 59 per cent increase from 2015. Yet, PwC’s 2016 Global State of Information Security Survey reveals that the number of detected security incidents in Australia has increased by 109 per cent to 9,434 in the past 12 months – triple the global increase of 38.5 per cent. While this figure may be alarming, PwC suggests the dramatic increase is a sign that Australian organisations’ increased spending on security is paying off, as it has enabled them to better detect incidents.
However, research conducted by IDC tells a different story. In its recent FutureScape report, the analyst firm examined the implications of IT security in the Asia Pacific and found that despite Australia being ahead of all other countries in terms of market maturity and IT security spend, it was hit particularly hard by ransomware attacks in 2015. In theory, Australia’s high security spend – which even exceeds that of China – should correlate to an underrepresentation in Asia Pacific figures, but this clearly isn’t the case. In addition, CSO Magazine reports that Australian organisations – both consumer and commercial in nature – have become lucrative targets for international attackers due to the country’s quickly volatile political and economic landscape.
People not technology
While the fact that Australian organisations are willing to invest in IT security is a positive step, many are yet to grasp the fact that it’s a people issue, not technology. As PwC’s Australia and Asia Pacific cyber leader, Steve Ingram, told CIO Magazine, “It doesn’t matter how much you spend on technology… if your people don’t understand their role in cyber [security]”.
Technology is no longer enough in this new threat landscape. Organisations face significant issues around response protocols and disaster preparedness, third party suppliers, governance and employee engagement, and the speed of innovation. That’s why it’s important to build a business-centric security model that focuses just as much on policies, procedures and culture as it does on technological controls. Digital security threats are almost always worse from internal sources, so educating all staff around the potential risks is critical.
Not about the money
With the ever-increasing number of users, data and network connections, 2016 is going to be more challenging than ever for from a cyber security perspective. Each and every industry sector is facing an increased cyber security threat this year, and throwing money at the problem isn’t the solution. Instead, Australian organisations need to focus on making their IT security investments work smarter, not harder. This can be achieved by implementing a business-centric security model, which ensures companies are better able to prevent and tackle security threats.
To learn how to best secure your organisation, download our guide to designing and implementing a robust security strategy here: ‘Security in a world with no perimeters: A Logicalis how-to guide’.