The 2019 Telstra Security Report explores the landscape of cybersecurity in Australia and reveals that breaches continue to be on the rise. 65 per cent of Australian businesses have been interrupted by a breach, a figure that is up by five per cent since 2018.
The ramifications of cyber-crime are difficult to define as you can’t put a price on the value of information. However, the Australian Criminal Intelligence Commission (ACIC) found that cybercrime is costing the Australian economy up to AU$1 billion annually. It’s a figure that is only set to increase.
Put your money where your mouse is
As our society grows more digitally literate, awareness of these kinds of attack increases. However, despite this increased vigilance, the threat of cybersecurity continues to loom large and it can cast an expensive shadow.
Research by The Harvard Business Review predicts that annual security spending will approach US$1 trillion globally by 2022.
The 2019 Telstra Security Report outlines what this figure looks like for Australian businesses. Security spending is projected to increase, both in absolute terms in the next 18 months, but also relative to the percentage of the total ICT budget. In Australia, the average security budget (cyber and electronic) was just over A$900,000 per annum at the time of the study, but an overwhelming 84 per cent of Australian companies said they will be increasing this investment.
What these figures indicate is that Australian businesses will continue to increase their security budget to try and counteract the rising number of breaches.
All the gear and no idea
The 2019 Telstra Security Report found that priorities are shifting year on year, with security design and architecture currently the most important focus for Australian businesses. While the budget put towards infrastructure protection and network security equipment is critical, it is vital that businesses invest in organisation-wide security expertise as well.
It is no longer sufficient to expect to invest in tech and hardware to be a fix-all solution. According to the Telstra Security Report, human error is one of the biggest threats to security. Mistakes by employees are often made due to a lack of understanding of security policies, or by inadequate business processes. Human error or a targeted attack on an employee were cited as the highest risks to IT security by 36 per cent of respondents.
Investment in infrastructure will only succeed if there is employee buy-in and the right processes are in place. To manage this learning curve, it is important that businesses leverage the power of strategic partnerships. Putting the right training in place will ensure that technology decisions reflect the priorities and competencies of the business – a must for effective cyber-security.
Spend smarter, not harder
A recent Cisco report found that 55 per cent of businesses used more than five security vendors and 65 per cent used more than five products. While having multiple systems is the norm for many businesses, organisations must ensure that employees are kept across any emerging technologies and that a holistic security plan is in place - noting these mitigation approaches are not always adopted. While using a budget on both tech and staff development may seem like a steep investment, spending upfront on the right tools and training will inevitably protect a business from countless threats and ensure the best return on investment.
Of course, dollar signs are just one way of measuring the impact of cyber-attacks. With cybercrime increasing, organisations of all kinds are regularly experiencing breaches that interrupt operations, compromise customer privacy or make invaluable intellectual property vulnerable. In the very worst cases, the damage to reputation is severe. The security landscape shows no signs of slowing down, and companies must stay vigilant, well-informed and adaptable if they are to survive.
Kate Healy is Principal Cybersecurity Strategist, Telstra Enterprise