Aussie security breaches went undetected for years
- 10 April, 2018 11:59
Telstra Security Operations Centre (SOC), in Sydney
Ten per cent of security breaches in Australia went undetected for years, seldom or never, according to a recent study by Telstra and GlobalData.
However, Australian respondents said that 61 per cent of data breaches were discovered in minutes or hours, according to Telstra Security Report 2018.
The Telstra study is based on research from GlobalData from November to December 2017. The online research received 1,252 responses from 13 countries, being 60 per cent from Asia Pacific (APAC) and 40 per cent from Europe.
According to the study, 67 per cent of Australian businesses estimated that the number of breaches that had gone undetected in the past year was up to 55 percent.
Nine per cent of Australian business and six per cent of APAC organisations indicated they did not know the number of successful or undetected data breaches.
Approximately 75 per cent of Australian businesses, 81 per cent of the APAC and 83 per cent of European respondents estimated that up to 55 per cent of incident alerts in the past year had gone unanswered.
Despite improvements some businesses have made in automation, this data suggests a lot of alerts are still going unanswered, according to the study.
Loss of productivity was the major impact suffered by organisations after a security breach (41 per cent) followed by corrupted business data (37 per cent) and loss of intellectual property (33 per cent).
Other impacts listed were loss of reputation, loss of customers, distrust from customers and partners, psychological stress on workers, external fines and litigation.
A total of 76 per cent of Australian respondents said their organisation has an incident response plan, however 17 per cent didn't have any and seven per cent were unsure.
Also, 60 per cent of Australian respondents had their business interrupted due to a security breach in the past year.
Phishing and malicious emails attacks are steadily rising with the research showing that 11 per cent of Australian enterprises reported incidents on a weekly basis in 2017, with 25 per cent reporting incidents on a monthly basis. Compared to the global results, Australia tends to have greater instances of monthly and quarterly attacks.
Respondents reported more ransomware attacks in this year’s survey than any previous years, with 31 per cent of Australian respondents experiencing these attacks on a weekly or monthly basis
Three in four Australian businesses were affected by ransomware over the course of 2017; 47 per cent of them paid the ransom, of those that paid, 86 per cent were able to retrieve their data after the payment.
The research found that, in Australia, the IT department will be held responsible for a cyber breach in 40 per cent of the cases, followed by CIO (20 per cent) and CEO (19 per cent).
Just over 80 per cent of Australian respondents said that budgets for cyber and electronic security – which includes surveillance, telemetry, video analytics, biometric and other services – are increasing in 2018. Security, when measured as a line item relative to the overall ICT budget, will also increase for 58 per cent of Australian business with security budgets expected to increase in absolute and in relative terms.
What is also expected to happen, according to GlobalData, is those budgets being converged with 67 per cent of Australian businesses having, or planning to have, a combined budget for cyber and electronic security.
This is Telstra's third security report. Out of the 60 per cent respondents in APAC, 23 per cent came from Australia with the other 37 per cent originating from New Zealand, Singapore, Hong Kong, Indonesia, Philippines and Taiwan.
Respondents were from local organisations, public sector and government entities and multinational corporation (MNCs), with 59 per cent of respondents being from large organisations.