Arpad Nagy-Bagoly - stock.adobe.

Some Australian firms still in the dark about cyber security

A report suggesting Australian firms are experiencing fewer cyber incidents has left its co-author perplexed with the findings

This article can also be found in the Premium Editorial Download: CW ANZ: CW ANZ: Trend Watch – Security

The co-author of a report suggesting that some forms of cyber attacks are declining across Australia and New Zealand (ANZ) has been left perplexed by the results.

Leon Fouche, national cyber security leader for BDO, which co-authored the report with AusCert, said that survey respondents reported less business disruption as a result of cyber attacks in 2018 than in 2017, but said this was out of kilter with the experience of most of his clients.

“From the statistics, it seems that organisations are experiencing less cyber incidents. But from my work it is quite the opposite,” he said.

Part of the problem may simply be that companies are in the dark about their cyber exposure. According to the survey, the proportion of organisations that do not know if they suffered a cyber security incident has risen from around 6% in 2017 to 13% in 2018.

According to Fouche, while there may be questions over the quantum, the analysis is still useful in that it identifies trends that organisations need to be alert to in order to direct their investment and education programmes.

He said one of the most important findings was that most cyber attacks are not accidental or due to hapless employee error, but are instead targeted criminal affairs.

“To be properly prepared is to understand who will be targeting you and why. That lets you channel your investments in the right direction,” he said.

Sectors most at risk are education and training and information, media and telecommunications, according to the report. Phishing remains a major problem, particularly for firms that manage large sums of money, such as conveyancers.

One of the particularly intriguing findings is an apparent a 44% drop in the incidence of ransomware attacks in 2018 compared to 2017.

Fouche stood by that result, saying this decline was evident across the region. He believed that was in part due to the challenge that attackers faced in getting funds from ransomware attacks given the flux in the value of bitcoin, the favoured ransomware currency.

Read more about cyber security in Australia

Instead, he said that attackers were turning their attention to targeted e-mail compromises.

The advent of Australia’s notifiable data breach regime and Europe’s General Data Protection Regulation (GDPR) – both of which occurred in 2018 – seem to have helped raise awareness of cyber security and privacy across ANZ, with senior business leadership more engaged in cyber security than ever before.

Even so, more than a third of ANZ businesses remain unsure about whether or not they need to comply with the GDPR, and of the 18% of organisations which have to comply, only 40% have implemented the necessary controls.

Read more on Data breach incident management and recovery