Lagging adoption of security automation means Australian businesses are slower to resolve to data breaches, suffering more expensive breaches, and experiencing alert fatigue at more than twice the rate of staff in other countries, according to a new CISO survey that suggests Australian organisations are routinely overwhelmed by the demands of security administration.
Fully 69 percent of Australian organisations are receiving over 100,000 security alerts every day, Cisco’s 2019 Asia Pacific CISO Benchmark Study of nearly 2000 information-security professionals has found.
Those figures were four times the global average of 14 percent and more than double the Australian result last year, when just a third of companies said they were dealing with that many alerts.
This increase had seen 65 percent of Australian organisations conceding they were suffering from cybersecurity fatigue – well above the global average of 30 percent.
Australian businesses were far less likely to resolve cybersecurity breaches quickly, with just 1 percent of Australian businesses reporting that they were able to get back up and running within an hour, compared with 18 percent of businesses globally.
Some 38 percent of Australian companies said they could restore service in 1 to 8 hours – the same business day – compared with 52 percent of respondents globally.
Yet just 38 percent of cybersecurity incidents were actually resolved in the end, compared with 69 percent the year before – suggesting that many companies were struggling to stay on top of their data-breach burden.
This was confirmed by the 84 percent of businesses admitting that their worst breach had costed them over $1m. This was well ahead of any other country in the Asia-Pacific region and, Cisco ANZ director for cybersecurity Steve Moros said, is a reminder that staying ahead of cyber threats is “a constant battle”.
“Businesses are now facing challenges from all sides,” he explained. “Data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks – and in turn suffer cyber fatigue where they don't have the resources, either in people or time, to proactively protect their business.”
Just not enough time
Responding to possible breach alerts isn’t the only aspect of security administration that is sapping the resources of Australian businesses. Recent figures from the latest Vanson Bourne-SailPoint Market Pulse Survey noted that many IT leaders are losing massive volumes of resources dealing with everyday issues such as managing access to applications and data.
Fully 75 percent of Australian respondents said that such activities consume “the majority of their time” – well ahead of the 62 percent of German respondents and 60 percent of British respondents that said the same.
Indeed, Australian leaders were the most snowed-under when it came to managing identity-related tasks, with 100 percent saying they were focused on repetitive, identity-related tasks multiple times a week – compared with 68 percent in the US, 58 percent in the UK, and just 40 percent in France.
This time commitment was causing problems in other parts of the security organisation, with 73 percent of Australian respondents – more than in any other country – saying they would reallocate resources to other areas of risk if they were able to deploy automation successfully.
With tasks such as alert response and identity management consuming a massive share of security resources – and false positives surging from 35 percent of alerts to 66 percent of alerts – cybersecurity practitioners need to fundamentally rethink many of their processes to ensure they can keep up.
Moros recommended adoption of a Zero Trust approach to counter unpredictable user behaviour – which leads to vulnerabilities including higher-than-ideal levels of stolen credentials, phishing and other identity based attacks – as well as creating cybersecurity resilience plans and educating senior executives to get them onboard.
That included “creating a cybersecurity resilience plan so all employees are aware of the risks, their role and how to react in a data breach,” he said. “Finally, educating board members on what data breaches could look like, the monetary impact and also how the business can prepare and invest, will help to unlock further budget for investment into cybersecurity so the above can be achieved.”