Australian Organisations’ Ability to Quickly Detect and Prevent Cyber Attacks is Low
Most Companies Surveyed Reported an Average of Almost Two Security Breaches in the Past Year
- When asked to grade their organisation’s approach to dealing with network security threats, on average, respondents said the security posture of their organisation is only 4.5 based on a scale of 10 being very effective.
- Respondents also rated their organisation’s ability to quickly detect and prevent cyber attacks as poor (4.4 and 4.6, respectively on a scale of 10 being excellent) and their ability to minimise false positives in identifying and containing cyber attacks against networks as not very effective (4.3 rating).
- Respondents were slightly more positive about their organisation’s IT security personnel in terms of their knowledge and expertise in managing emerging network security technologies, rating them 5.3 on a scale of 10 being the highest.
- Australian organisations seem to recognise the need to attract competent and skilled security professionals with more than half (55 percent) of respondents saying emerging network security technologies used by their organisation are dependent upon in-house personnel who possess the knowledge and expertise to operate them effectively.
- A majority of respondents (61 percent) said emerging network security technologies only address part of the cyber security threats facing their organisation.
- Other top issues highlighted in the report include the problem of emerging network security technologies having high false positive rates (56 percent of respondents) and 54 percent say emerging network security technologies fall short of vendors’ promises.
- The study found that Australian organisations in the survey focus on the inside-out threat and, do not take a more holistic approach to managing cyber security risks.
- 58 percent of respondents agreed that their organisation primarily uses emerging network security technologies to minimise the inside-out problem and their approach is often to prioritize the point solution in managing cyber security threats. Only 37 percent say the holistic approach would be prioritised.
- More than half (51 percent) of respondents said their organisations use emerging network security technologies to heighten visibility to applications and the use of cloud services.
- Intrusion Prevention System (IPS) and firewalls are considered the most effective features in the control of the security of the organisation’s network. The application control feature in NGFW (Next Generation Firewalls) is most often configured for monitoring and reporting only (50 percent of respondents).
- Less than half (47 percent) of respondents say their organisation’s NGFW suffers performance degradation when deploying the IPS feature and 29 percent are unsure.
- Ponemon Study: Emerging Technology Under the Spotlight Blog by Johnnie Konstantas
- Deconstructing Web Attack Trends in 2012 Blog by Kyle Adams
- Spotlight Secure Global Attacker Intelligence Service: First System for Fingerprinting Cyber Attackers Blog by David Koretz