cl-au logo
Story image

Telstra’s 2019 cybersecurity report

17 Apr 2019

One in two Australian businesses estimated that they received fines for being in breach of new legislation in the past two years and nearly two-thirds of Australian businesses fell victim to a security breach last year according to new Telstra research.

The 2019 Telstra Security Report released today found that awareness and understanding of the strategic importance of security has increased with 84% of Australian companies saying they will increase security budgets, currently averaging over $900,000 per annum, in the next 12 to 24 months to combat security threats.

The research found Australian businesses are better prepared than ever for cyber-attacks with incident response plans in place at 77% of local businesses. Of the respondents with a plan, more are reviewing and testing them on a monthly basis compared to last year as businesses shift to an ‘expectation of breach’ mentality.

The introduction of new regulations, such as the Notifiable Data Breach Scheme in Australia and the European Union’s Global Data Protection Regulation, as well as several high-profile privacy breaches, has driven C-level and senior management interest in security with one-third of Australian respondents saying the frequency of meetings with senior stakeholders has increased.

“Against a backdrop of more frequent and sophisticated attacks and the introduction of new regulations that force the public disclosure of breaches, companies are now more aware of the threat of reputational damage and the erosion of customer trust caused by cyber breaches,” says Telstra enterprise group executive Michael Ebeid.

“Our research found that customer concern around data privacy has increased within the past year according to 38% of respondents, which compares to 46% globally.”

According to the report, a major source of risk to IT security is human error, which is often caused by inadequate business processes and by employees not understanding their organisation’s security policies. Human error or a targeted attack on an employee were cited as the highest risks to IT security by 36% of respondents.

The ability to timely detect and effectively respond to incidents is still the number one challenge for Australian companies when managing electronic security.

Alarmingly, 19% of Australian respondents surveyed estimated that more than half of the data breaches impacting their company went undetected altogether in the past year. This is despite 74% of Australian businesses believing they have strong systems in place to verify when an incident has occurred.

While Australian businesses are faster at detecting breaches than international counterparts - 62% of the local respondents that experienced a breach indicated they were able to detect a breach in minutes or hours compared to 50% globally - businesses are still taking too long to detect and contain an incident or breach.

While ransomware is still pervasive and profitable for cyber criminals, it is encouraging to note that most potential victims have adopted policies and safeguards against such attacks. These incidents, however, are just as prevalent this year as last year.

Among Australian respondents that reported being interrupted due to a security incident in the past 12 months, 32% indicated interruptions on a weekly or monthly basis, due to ransomware attacks.

The research shows that, increasingly, paying the ransom does not guarantee a retrieval of data. More than half of Australian businesses that experienced ransomware in the past year reported paying the ransom, compared to 47% the previous year. Of those that paid, 77% were able to retrieve the data, compared with 86% the year before.

If attacked again, 79% who paid the ransom would consider paying the ransom again if there was no back-up for the impacted data.

The 2019 Telstra Security Report’s outlook for the future is that security will continue to be a top strategic focus for Australian businesses and increased investment on security will reflect this prioritisation. New compliance measures will also drive increased investment particularly focused on the automation of processes and to demonstrate all necessary precautions are taken to prepare for events.

There is also the much broader security landscape to consider when managing cyber and electronic security. The more devices that become connected, the broader the security footprint becomes. This also brings the opportunity for new technologies to improve end-to-end visibility and better management of security risks.

“As security threats become more sophisticated, companies must stay vigilant in order to protect themselves and customers, and to take full advantage of an increasingly connected world,” adds Ebeid.

“Businesses must look for ways to help prepare for sophisticated emerging threats as part of their security strategy.”

Telstra’s Security Report outlines general best practices for businesses to consider as part of their security strategy. 

They include having multi-layered defences, conducting constant architecture reviews, ensuring employees are aware and trained to improve security resiliency and following Telstra’s guidance on the five things businesses should know to effectively manage the business risk of cybersecurity risk.

Story image
Acronis appoints new APAC General Manager and launches Partners Programme
One of Morarji’s first objectives has been to launch the new Acronis Partner Programmes in APAC, in which the Acronis team will help channel partners and managed service providers (MSPs) expand their portfolios and deliver fast ROI.More
Story image
IoT device shipments to grow 9.8% despite COVID-19 uncertainty
This may be welcome news for consumer IoT vendors looking for growth in markets seeing unprecedented disruption, but Canalys also projects a strong downturn this year, and claims vendors must be proactive to ensure they weather the incoming storm.More
Download image
Why VPNs need more than a username and password
VPNs aren’t just used by a handful of users any more – now, contractors, vendors, partners, employees, and sometimes even customers will need to access your business VPN.More
Story image
SailPoint Peer Insights Choice for identity management
SailPoint is the only vendor to receive the ‘Customers’ Choice’ distinction in the Identity Governance and Administration segment.More
Link image
Take advantage of free multi-factor authentication as you work remotely
Cybersecurity is shaping up to be one of the most important areas to consider while working from home. Leverage biometrics and password authentication for free with RSA.More
Story image
Lenovo announces new edge and Azure cloud-tiering solutions
The solutions, say DCG, were designed in response to the ever-increasing number of connected IoT devices and the masses of data this creates from edge to the core.More