Wednesday, May 04, 2022
ExtraHop, the leader in cloud-native network detection and response, today released findings from a new survey that shows 85% of organisations in Asia Pacific were breached by ransomware at least once in the past five years, but only 28% publicly disclosed that an incident occurred.
The ExtraHop Cyber Confidence Index - Asia Pacific Report 2022, conducted by StollzNow Research, sheds light on discrepancies in how Australian IT decision makers (ITDMs) see their current security practices, and the reality of the ransomware attack landscape.
It shows that both outward and inward perceptions of security can be deceiving.
Externally, 72% of organisations will try to keep a ransomware incident quiet, telling few people if anyone, and certainly doing their utmost not to make it public knowledge.
Meanwhile, growing cybersecurity budgets don’t necessarily buy improved degrees of protection and confidence, with only 43% of ITDMs in Australia expressing a high degree of confidence in their organisation’s ability to prevent or mitigate cybersecurity threats, and an equal percentage having low confidence. Of those that are confident, many shouldn’t be. Lax security practices, continued reliance on legacy technology, and actual attack numbers all suggest that confidence levels may be overstated or unrealistic.
This may explain why executives in the region don’t back transparency or disclosure of incidents, since they can’t be confident history won’t repeat itself. It often does: on average, every Australian business that identifies as a ransomware victim was infected—or reinfected—yearly in four of the past five years.
As executive committees and directors become more educated in cybersecurity risks, and accountable for those risks to shareholders and regulators, ITDMs and security teams are likely to face more detailed questions and future audits of their security posture, decision-making and protections, particularly as it relates to budget and resource allocation. Boards and executive committees may be driven to undertake their own separate due diligence on ‘low confidence’ environments and indicators.
“Security leaders in Asia Pacific are facing a challenge. They’re in disagreement with executives around disclosure, they’re getting increased budgets but it doesn’t feel like enough, and there is worry around legal obligations,” said Jeff Costlow, CISO, ExtraHop. “These leaders need to focus on their risk tolerance for their IP, data, and customer data and arm their teams with the tools and network intelligence that can help them defend their most critical assets. This survey reinforces the challenge organisations face in preventing attacks. Let’s arm defenders with the tools and forensics needed to prevent an intrusion from becoming a full-blown breach.”
Key Australian research findings include:
Even as companies continue to innovate with cloud technologies and remote workforces, IT infrastructures remain vulnerable to past architectural decisions, with obsolete protocols providing ongoing opportunities for attackers to infiltrate networks and unleash ransomware attacks. A lack of visibility and effective use of data has also contributed to organisations' obstacles in identifying vulnerabilities and preventing ongoing ransomware attacks.
“High levels of fear around the security implications of legacy environments, and the very real threat of multiple breaches a year, is a reminder of just how quickly cybersecurity postures can become outdated and vulnerable,” said Rohan Langdon, ANZ Country Manager at ExtraHop. “Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before it can compromise the business."
Organisations should look for ransomware mitigation tools that can capture network communications across all devices, and use technologies like behavioural analytics and artificial intelligence to detect behaviours that signal a ransomware attack in progress. By leveraging a network detection and response platform, defenders can detect and stop the lateral movement and other post-compromise activity of ransomware attackers before they achieve real damage.
The report identifies several courses of action that Australian organisations intend to take in 2022:
Network Detection and Response: 40% intend to invest in network detection and response systems this year, adding to the 36% of organisations that already have such systems in place.
Social Engineering Strategy: 36% of respondents plan to implement a social engineering strategy in 2022, building on the 30% that already have one in place today and the 46% that train staff to recognise social engineering cues. This correlates with a finding that over half (55%) of ITDMs are already confident in staff ability to identify cyber- and social engineering attacks.
Improved Threat Training and Identification: 43% plan to implement staff threat training, while 50% plan to improve the speed of threat identification.
Onboarding More Resources: 40% of organisations plan to increase or recruit dedicated internal security staff. The same proportion (41%) intend to engage external managed security services in 2022.
Australia struggles for staff
The research shows that 43% of Australian ITDMs are very or completely confident in their ability to handle cyber threats. Within that, confidence varies: 77% are confident of preventing attackers from breaking into internal networks, for example, while only 19% say they can always identify and block ransomware. Australian teams will mostly emerge from 2022 with more budget than the previous year, but may still find it difficult to attract resourcing; 63% say it is difficult to find staff for the cybersecurity team, although work-from-home options have broadened the possible skills pool.
The survey of 300 security and IT decision makers in Australia, Japan and Singapore, was conducted by StollzNow Research and sponsored by ExtraHop. It involved 100 IT decision makers in each of the markets, at organisations of at least 50 people and operating in a broad range of vertical markets, and was conducted in January 2022.
Cyberattackers have the advantage. ExtraHop is on a mission to help you take it back with security that can't be undermined, outsmarted, or compromised. Our dynamic cyber defence platform, Reveal(x) 360, helps organisations detect and respond to advanced threats—before they compromise your business. We apply cloud-scale AI to petabytes of traffic per day, performing line-rate decryption and behavioural analysis across all infrastructure, workloads, and data-in-flight. With complete visibility from ExtraHop, enterprises can detect malicious behaviour, hunt advanced threats, and forensically investigate any incident with confidence. ExtraHop has been recognised as a market leader in network detection and response by IDC, Gartner, Forbes, SC Media, and numerous others.
When you don't have to choose between protecting your business and moving it forward, that's security uncompromised. Learn more at >www.extrahop.com.