Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Cyber security professionals back government-led cyber threat protection initiatives

Trellix has released a global Cyber Readiness Report gauging technology adoption and perceptions of government cyber security leadership related to cyber security standards and the cooperation between the public and private sectors.

user icon
Thu, 14 Apr 2022
Cyber security professionals back government-led cyber threat protection initiatives
expand image

The Trellix report shows 89 per cent of respondents from India, Australia and Japan believe formalised, government-led initiatives can play an important role in improving their nations’ protection against cyber threats.

Countries such as India, Australia and Japan are facing increasingly sophisticated attacks on government agencies and organisations providing critical infrastructure services:

  • October 2020: A border skirmish between China’s People’s Liberation Army and the Indian Armed Forces in the Himalayas was followed up by a cyber attack on Mumbai’s power grid control systems, shutting down trains, closing the stock market, blacking out pandemic-besieged hospitals and cutting power for 20 million people.
  • October 2019-October 2020: The People’s Republic of China-affiliated APT group “Tick” successfully launched a software supply chain cyber attack through Fujitsu’s ProjectWeb tool to compromise Japanese government and critical infrastructure networks, exfiltrating sensitive information on Japan’s air transportation operations and travel schedules.
  • November 2021: Almost three million Australian homes lost power when a major energy network was hit by a cyber attack, reinforcing the Department of Home Affairs 2020 report that around 35 per cent of cyber attacks hit the nation’s “impact critical infrastructure providers that deliver essential services including healthcare, education, banking, water, communications, transport and energy”.

The incidents, among many others, are reminders that government agencies and critical infrastructure enterprises must improve their cyber defenses through a combination of the implementation of advanced cyber security technologies, enhanced policies and practices, and strengthened partnerships with their governments.

============
============

Respondents from these countries see opportunities for improvement in their partnerships with government in areas such as cyber defence coordination, threat information sharing and software supply chain integrity.

The study, based on research conducted globally by Vanson Bourne, surveyed 900 cyber security professionals from organisations with 500 or more employees, including 200 respondents in India, Australia and Japan.

Cyber security technology adoption

Among Japanese respondents, 32 percent claim to have fully implemented endpoint detection and response and extended detection and response (EDR-XDR) and cloud cyber security modernisation. Zero trust and multi-factor authentication (MFA) appeared to be close behind with 31 per cent and 29 per cent, respectively. About 32 per cent of Indian respondents claim to have fully implemented cloud cyber security modernisation.

The cyber defence technologies lagging furthest behind within this group appear to be zero trust architectures and EDR-XDR with only 25 per cent and 22 per cent fully deployed, respectively.

Over 31 per cent of Australian respondents reported fully deploying EDR-XDR solutions. Technologies lagging further behind include cloud cyber security modernisation (24 per cent), MFA (24 per cent) and zero trust (16 per cent).

Software supply chain risk

The majority (82 per cent) of global respondents believe software supply chain risk management policies and processes are of either high or crucial importance to national security. About 74 per cent of Japanese respondents identified these policies and processes as extremely or highly difficult to implement, and only 26 per cent claim to have fully implemented such practices.

Over 65 per cent of Indian respondents and 63 per cent of Australian respondents identified these policies and processes as difficult to implement, with only 40 per cent of Australians and 35 per cent of Indians claiming full implementation.

About 64 per cent of Australians, 59 per cent of Indians and 52 per cent of Japanese surveyed support government mandates demanding cyber security standards for software. However, respondents from all three countries are concerned there could be drawbacks to such mandates.

Over 51 per cent of Indian respondents believe such mandates could result in government requirements that are too complex and ultimately too expensive to implement. Around half of Australian respondents believe government software security mandates will be too complex and expensive to implement and that government timelines will be difficult to meet. Roughly the same percentages of Japanese are also concerned about the costs and complexity of such mandates.

Cyber skills challenges

While survey respondents identified a variety of barriers to the implementation of advanced technologies, a cyber security talent shortage was revealed across the three countries.

Almost 60 per cent of Indian respondents and 45 per cent of Japanese respondents identified a lack of implementation expertise as one of the biggest barriers to implementation. In Australia, 49 per cent of respondents and 42 per cent of Japanese respondents identified a lack of in-house staff resources as one of their biggest barriers. These findings mirrored cyber security skills shortages in the US and Europe.

Public-private partnerships

About 93 per cent of Indians, 90 per cent of Australians and 85 per cent of Japanese surveyed believe there is room for improvement in the level of cyber security partnerships between their national governments and organisations.

About 59 per cent of Indians surveyed believe their government could provide more funding to organisations such as theirs to improve cyber security, and 53 percent favour tighter cooperation on the investigation of attacks following their discovery.

Half of Australian respondents supported a combination of incident notification and liability protection to facilitate sharing of attack data between impacted organisations, government partners and industry audiences. Half of Japanese respondents showed support for tighter cooperation on the investigation of attacks following their discovery.

In terms of the types of data government should share to help organisations better protect themselves, nearly two-thirds (64 per cent) of Indian respondents valued more data about common cyber security vulnerabilities. Almost 61 percent of Japanese and 56 per cent of Australians surveyed revealed they would like to receive more data on attack vectors used by adversaries. About 58 per cent of Japanese, 52 per cent of Indians and 44 per cent of Australians surveyed would like to receive more data on cyber attacks in progress.

[Related: Digital identity growth driving cyber security debt uptick]

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.