Overconfidence in legacy cyber security procedures has left businesses exposed to continuity risks and ransomware attacks, with a recent Cohesity report finding alarming trends in Australia’s cyber security market.
Over half of Australian IT and security professionals fell “victim of a ransomware attack” in the six months leading up to a recent cyber security research report, AI-powered data security and management provider Cohesity has found.
Based on the polling of 502 Australian IT and security decision-makers, the report raised alarms for Cohesity, observing that four in five respondents still expressed confidence in their company’s ability to “address today’s escalating cyber challenges and threats” despite the alarming finding.
The statistics show that ransomware is impacting a larger number of Australian businesses than typically meets the eye, Matt Old, director of cloud alliances at Cohesity Asia-Pacific and Japan, told Cyber Daily.
"While these figures are likely larger than what organisations self-report to government bodies and authorities, it demonstrates the importance of building cyber resilience to counter constantly proliferating cyberattacks and the risk they pose to business continuity," he said.
"Governments at all levels recognise that cyberattacks pose disruptive risks to our economies and societies, but given more than 1 in 2 Australian respondents said their organisations are paying ransoms, there's a massive cyber resilience journey ahead for all. At the same time, organisations should see regulations and legislation as the 'floor', not the 'ceiling', in adopting cyber resilience and security posture best practices."
Worryingly, of the 502 respondents, 54 per cent reported that their organisation had paid a ransom in the last year, despite 70 per cent of respondents claiming that their company maintains a “do not pay” policy.
The report also uncovered major risks to business continuity with “unrealistic” legacy cyber security processes.
Despite confidence in their procedures, 36 per cent of respondents said it would take four to six days to restore their data, while 30 per cent said it would take between one and two weeks, and 10 per cent said it would take between three weeks and two months.
"Organisations can't control the fact they operate in a world where cyberattacks are a matter of 'when' not 'if', however, they can enhance their ability to respond to threats, recover data, and restore processes in a worsening cyber threat landscape," Old added.
It appears that Australian businesses still have a long way to go in getting the basics of cyber security right, with glaring omissions in security protocols from multifactor authentication to role-based access control.
Of those 54 per cent of respondents who had paid ransoms, 52 per cent had paid ransoms in excess of $375,000.
Old expressed his concern at the findings: “The fact that almost one in two organisations are not implementing these controls to protect sensitive data is alarming and demonstrates a significant risk to an organisation’s cyber resilience. Especially given everyday consumers and end-users are often – and rightly – required to have MFA enabled to secure their account credentials, with MFA also an important defence measure against AI-based attack techniques.”
Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world-leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology.