Cyberattacks continue to plague Australian businesses, with four in 10 (38%) experiencing a cyber breach in 2021, according to the 2022 Thales Global Data Threat Report.
The research, commissioned by Thales, surveyed over 2,700 executives across 17 countries who are responsible for, or have influence over their organisations' IT and data security. It found that security incidents remained high throughout 2021, and 40% of IT leaders admitting to having failed a compliance audit.
Australian IT leaders ranked ransomware (45%), malware (43%), and phishing or whaling (40%) as the leading sources of increased security attacks. They also claimed that managing these cyber risks is an ongoing challenge, with 50% reporting increased volume, severity, or scope of cyberattacks in the past 12 months. Meanwhile, on-premises legacy apps (48%), cloud-based storage (47%), and web apps (43%) were the three biggest targets for cyberattacks among Australian businesses.
With many employees still working from home, 76% of businesses had become concerned about the security risks and threats posed by the work setup. The figure aligns with the results of Trend Micro Incorporated's (Trend Micro) latest Cyber Risk Index (CRI) released last month, showing that a majority of global organisations expect to be successfully hit by a cyberattack in 2022.
In Australia, 35% of the respondents said around half of their workloads and data reside in external clouds, while 47% experienced a breach or failed an audit in their cloud environments. Moreover, the use of encryption to protect sensitive data remained low, with only half of respondents (52%) disclosing that more than 40% of their sensitive data in the cloud has been encrypted, and a quarter (25%) stating more than 60%, representing a significant ongoing risk for businesses.
Brian Grant, ANZ director at Thales Cloud Security, said cyber awareness training, paying ransoms, and other outdated approaches do not mitigate risks among data-dependent organisations.
“Staff turnover and inconsistent skills, combined with advanced social engineering by attackers, make cyber awareness ineffective, while paying a ransom only fosters more criminal behaviour. It's encouraging that many businesses have increased security budgets and devised cyber-incident response plans, but a worrying lack of effective data security continues to leave gaping holes for criminals to exploit,” Grant continued.
“Increased obligations associated with critical infrastructure legislation, as well as stronger regulatory enforcement, mean business executives must direct their organisations to effectively secure their data and digital integrity now, before it's too late.”