Security Market Segment LS
Thursday, 30 July 2020 12:43

Australia suffering from security complexity: Cisco


Cisco's sixth annual CISO Benchmark Report shows executive leadership teams consider security a high priority.

Areas receiving increased investment include cloud security and automation technologies to combat complexity and to simplify and speed up response times in security ecosystems, improve visibility into networks, and support collaboration between networking, endpoint and security teams.

That complexity can be seen in the finding that 90% of Australian organisations use between one and 20 security vendors. The remaining 10% use more than 20 vendors.

Keeping up to date with security patches is still an issue, despite being a concern for more than a decade.

59% of Australian respondents reported incidents caused by unpatched vulnerabilities. That compares unfavourably with the global average (46%), and even more poorly with the US (40%) and European (36%) experience.

JLL CISO for Asia Pacific Mark Smink said the industry needs a better way of notifying customers that patches are available, and also to make the patching process more seamless. The need to avoid downtime and incompatibilities are barriers to prompt patching, he said.

The University of Queensland deputy director of information technology services David Stockdale suggested that IT's traditional "availability mindset" is changing, and there is a growing realisation that the security of services is also important. A culture change is underway, allowing availability and security to be considered together.

More Australian respondents reported "cyber fatigue" (58%) than other countries and regions such as the US (37%) and EMEAR (38%).

One way to avoid this is to take the user's perspective into account, Stockdale suggested. For example, Cisco's Duo access security product has been readily accepted by users, he said.

Automation is seen as a way to address security issues, but it is not clear whether Australia is a leader or a laggard.

74% of Australian respondents plan to increase security automation, compared to 82% in APJC as a whole, and 93% in India and 91% in China. Cisco did not indicate the current levels of automation in different countries, so it is possible that more local organisations are already putting automation to work.

Automation is a necessary part of responding to the security challenge, said Stockdale, as it handles many routine tasks, freeing staff to deal with the more difficult aspects.

But there is an expectation that vendors will deliver automation and integration, Smink said, rather than leaving it to each organisation.

Australia is a laggard when it comes to the adoption of multi-factor authentication (MFA), an area led by the US, China, Italy, India, Germany and the UK.

That said, The University of Queensland has applied MFA to all services, including VPNs, Stockdale observed. "We need to understand a lot more about the person" in order to determine the resources they should be able to access.

Among the good news: 86% of Australian respondents reported high levels of collaboration between their security and network teams.

“As organisations are faced with accelerating digital transformation due to unprecedented external factors, the need for agile security, simplification and automation is now a necessity," said Cisco ANZ director of cyber security Steve Moros.

"CISOs have been adopting disparate security technologies to reduce exposure against malicious actors and threats which has created substantial complexity and operational challenges in managing their security environment. The question is, have cyber investments helped organisations decrease the time it takes to detect and remediate?”

He added “Today’s IT setups and accelerated digitisation means that companies can no longer get by with siloed security solutions pieced together over time. In the current environment, what organisations need is a simplified and systemic approach to security in which solutions can act as a team, learn, listen and responds as a coordinated unit.

"Taking a platform approach, such as Cisco’s SecureX, can help simplify an organisation’s approach to cybersecurity. SecureX delivers unified visibility across users' entire security infrastructure, including network, endpoints, cloud, and applications, to help accelerate threat response and realise desired outcomes in today's fast-changing world."

Moros mentioned the usual "people, process, technology" mantra, but Stockdale suggested it should be "people, people, people, then process."

"Security is everyone's responsibility," he explained.

The report follows a survey of 2,800 security professionals from 13 countries.

Subscribe to Newsletter here


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.





Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News