Australian organisations suffering ‘cyber fatigue’
- 01 November, 2019 09:33
Australian organisations are struggling to defend against cyber threats according to a recent study.
A total of 209 Australian CISOs responded to the annual Cisco Asia Pacific CISO Benchmark Study on the cyber security landscape with 65 per cent saying they are suffering from cyber security fatigue or are receiving so many daily threats they have given up proactively defending against them.
Australian organisations are receiving a much higher volume daily alerts than the global average, with 69 per cent of respondents saying their organisations received more than 100,000 alerts every single day.
Only 33 per cent of all alerts were found to be legitimate. Australian organisations were able to investigate a higher percentage of them compared to other countries, the study found.
Cisco said that Australia ranked below the global average on remediated legitimate alerts, which it said may indicate that too many resources are put towards investigating all alerts and not enough going towards remediating legitimate ones. This could be a reason why cyber security fatigue in Australia is so high compared to the global average.
“Businesses are now facing challenges from all sides -- it is a constant battle," Cisco A/NZ director of cyber security Steve Moros said. "Our report shows that data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks and in turn suffer cyber fatigue where they don't have the resources, either in people or time, to proactively protect their business.”
Australian organisations also use multiple vendors with 78 per cent using more than 11 vendors at once. A more integrated approach could help reduce cyber fatigue, the report argued. Cisco advocated a Zero Trust approach to simplify cyber security by focusing on identity, device, and applications.
"The Zero Trust approach is about restricting a user so that they can only enter an area which is approved and relevant to their duties," the study recommended.
Outages following a data breach were also longer in Australia than the global average, with 75 per cent of organisations experiencing an outage of 5-16 hours in the wake of their most severe breach.
The cost of a breach is also higher in Australia than the global average: For 84 per cent of organisations in Australia that suffered a breach, it cost them over $1 million. The study also found that when it came to the most impactful breach they had experienced, nearly half of Australian organisations incurred a monetary cost of at least $5 million, compared to 7 per cent globally.
Overall, Australian participants indicated that security is top of mind, with 98 per cent saying they somewhat or strongly agreed that their organisations consider cyber risk as a matter of routine.
Twenty two per cent of the Australian organisations surveyed for the report said a lack of trained personnel was the biggest obstacle when it came to adopting advanced security processes and technology. However, budget constraints were cited as the the main obstacle (37 per cent). The number was higher than the Asia Pacific and and global average.
Other obstacles were organisational culture/attitude about cyber security (32 per cent) and competing priorities (30 per cent).
The study interviewed a total 2000 security professionals from 11 countries across APAC, ranging from organisations of 100–499 to large enterprises and the public sector.