BeyondTrust, the leader in intelligent identity and access security, today released a survey that shows Australian organisations are more concerned about cyberattacks than they were prior to the COVID-19 pandemic.
The survey of respondents polled at the recent AusCERT conference on the Gold Coast and the Australian Information Security Association Cybercon Connect in Sydney found 82 percent of organisations have heightened security concerns due the ongoing prevalence of remote working. They recognise it is significantly more challenging to protect staff and resources when they are operating outside the firewall and connecting over the public internet.
“These concerns are understandable as organisations were forced to make significant changes to their mode of operation in a very short space of time,” said Scott Hesford, Director of Solutions Engineering, Asia Pacific and Japan, BeyondTrust. “Even now, more than two years after the initial lockdowns, many feel they still have much more work to do to ensure they are protected against cyberattacks.”
When asked what specific security challenges they were currently facing, 89 percent nominated securing remote workforces. Additionally, 82 percent of respondents nominated the implementation of a Zero Trust strategy.
“While Zero Trust is seen as an effective way to protect both remote users and IT resources, it is a challenging strategy to adopt,” said Hesford. “Many organisations understand the benefits such a strategy can deliver but are still struggling to achieve them.”
It is not just employees who are working remotely. Fifty-five percent of organisations allow third-party vendors to remotely access their internal networks. Of most concern is that two-thirds of those organisations provide VPN access for those remote third parties.
“Properly securing any VPN access is challenge for most organisations. We have seen a number of breaches over the last few years where VPN access has been leveraged by attackers to infiltrate corporate networks,” said Hesford.
“Dedicated secure remote access solutions are far easier to manage and provide the audit trail and granular security required by frameworks such as zero trust, whether for IT or OT (operational technology).”
Adhering to the Essential Eight
Survey respondents were asked to indicate their level of alignment with the Federal Government’s Essential Eight security guidelines. The guidelines outline best practices that organisations should follow to reduce their chances of falling victim to a cyberattack.
Interestingly, while three quarters of government responders indicated that their organisation was aligning to the Essential Eight, 64% of non-government organisations are also looking to adopt the Essential Eight Security Controls, highlighting the growing favour of these best practices in the private sector.
Yet the devil is in the details. While over half of organisations have met the requirements of the Essential Eight around Regular Backups, full alignment with the controls was lower when it came to restricting admin privileges (24 percent), application control (16 percent) and the user application hardening (19 percent).
“Many organisations have struggled with particular aspects of the Essential Eight, such as application control,” said Hesford. “Traditionally it is seen as complex to deploy with a long time to value.
“However, with modern endpoint privilege management solutions more organisations are finding that they can meet the requirements of the Essential Eight for application control, user application hardening and restricting admin privileges in a comprehensive way with minimal impact on users and low overheads for their support team.”
Encouragingly, the survey found that a majority of respondents believed that their cybersecurity budgets would increase in the coming year with 61 percent of respondents indicating that spending will rise.
“This news is welcome as it shows that most organisations understand the importance of having robust security measures in place. With the threat landscape constantly changing, it is vital to deploy and manage a portfolio of security tools and services that deliver complete protection.”
Hesford said Australian organisations will continue to face cybersecurity threats and challenges in coming years and IT security must remain a top priority for both spending and action.
“The potential for a successful attack to cause significant disruption and loss is very real. By allocating spending and following guidelines such as the Essential Eight organisations can be sure they are prepared to withstand security threats as they appear,” Hesford concluded.
BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organisations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry’s most advanced privileged access management (PAM) solution, enabling organisations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
BeyondTrust protects all privileged identities, access, and endpoints across your IT environment from security threats, while creating a superior user experience and operational efficiencies. With a heritage of innovation and a staunch commitment to customers, BeyondTrust solutions are easy to deploy, manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 75 of the Fortune 100, and a global partner network. Learn more at www.beyondtrust.com.