IT security concerns in Australia are higher than before the pandemic

Organizations in Australia are more concerned about cyberattacks than they were before the COVID-19 pandemic, according to a new BeyondTrust survey.

The survey of respondents interviewed at the recent AusCERT conference on the Gold Coast and the Australian Information Security Association Cybercon Connect in Sydney revealed that 82% of organizations have heightened security concerns due to the continued prevalence of work from a distance. They recognize that it is much more difficult to protect personnel and assets when operating outside the firewall and connecting over the public Internet.

“These concerns are understandable as organizations have been forced to make significant changes to the way they operate in a very short time,” said Scott Hesford, director of solutions engineering, Asia Pacific and Japan, BeyondTrust.

“Even now, more than two years after the initial lockdowns, many feel they still have a lot of work to do to ensure they are protected against cyberattacks,” he says.

Security Challenges

When asked what specific security challenges they currently face, 89% mentioned securing the remote workforce. Additionally, 82% of respondents suggested implementing a Zero Trust strategy.

“While Zero Trust is considered an effective way to protect both remote users and computing resources, it’s a difficult strategy to adopt,” says Hesford.

“Many organizations understand the benefits such a strategy can bring, but still struggle to achieve them.

“It’s not just employees working remotely. Fifty-five percent of organizations allow third-party vendors to remotely access their internal networks,” he says.

“What is most concerning is that two-thirds of these organizations provide VPN access to these remote third parties.

“Properly securing any VPN access is a challenge for most organizations. We have seen a number of breaches over the past few years where VPN access has been exploited by attackers to infiltrate corporate networks.”

Dedicated secure remote access solutions are much easier to manage and provide the audit trail and granular security required by frameworks such as zero trust, whether for IT or OT (Operational Technology). ).

Adhere to the Eight Essentials

Survey respondents were asked to indicate their level of alignment with the federal government’s Essential Eight security guidelines. The guidelines outline best practices that organizations should follow to reduce their risk of falling victim to a cyberattack.

Interestingly, while three-quarters of government respondents indicated that their organization aligns with the Eight Essentials, 64% of non-governmental organizations also plan to adopt the Eight Essential Security Controls, highlighting the growing favor of these best practices. in the private sector.

However, the devil is in the details. While more than half of organizations met the Essential Eight requirements for regular backups, full alignment with controls was lower for restricting administrator privileges (24%), controlling applications (16%) and strengthening user applications (19%).

“Many organizations have struggled with particular aspects of Essential Eight, such as application control,” Hesford says.

“Traditionally, it is considered complex to deploy with a long time to value.

“However, with modern endpoint privilege management solutions, more and more organizations are finding that they can meet the Essential Eight requirements for application control, user application hardening, and privilege restriction. comprehensively with minimal user impact and low overhead for their support team.”

Security budgets

Encouragingly, the survey found that a majority of respondents believed their cybersecurity budgets would increase in the coming year, with 61% of respondents indicating that spending would increase.

This news is welcome as it shows that most organizations understand the importance of having strong security measures in place. With the threat landscape constantly changing, it is essential to deploy and manage a portfolio of security tools and services that provide comprehensive protection.

Hesford says Australian organizations will continue to face cybersecurity threats and challenges in the years to come and that IT security must remain a top priority for both spending and action.

“The potential for a successful attack to cause significant disruption and loss is very real,” he said.

“By allocating spend and following guidelines such as the Eight Essentials, organizations can be sure they are ready to withstand security threats as soon as they emerge.”

Comments are closed.