Australia lags in online security awareness

IT managers score low marks in APT preparedness when compared to global counterparts

Australian businesses have scored poorly in an international survey of preparedness for the new generation of security threats, according to a multi-national survey by Trend Micro.

An online survey of IT managers polled more than 2000 companies, each with 500 or more employees, in several countries—Australia, Canada, the United States, Germany, UK, France, Brazil, and India. 225 firms were surveyed in Australia.

The research canvassed a wide range of attitudes and approaches to security, such as enforcement of access rights, encryption of information, and understanding of Advanced Persistent Threats (APT), the latest form of targeted attacks aimed at larger organisations.

Australian firms consistently ranked poorly to comparison to other nations in most of the criteria, with the US and Canadian firms appearing to be better prepared for emerging cyber-threats.

Adam Biviano, Trend Micro ANZ’s head of strategic products, said the results were surprising.

“Australian organisations ranked lowest in key areas, such as the encryption of critical information, educating staff about targeted attacks, and a general understanding of APTs. Perhaps Australian IT managers feel that distance makes them safer and less of a target, but cyber-criminals know no boundaries and the increasing number of data breaches shows that any Australian company can be targeted,” he said.

Australia did do well in one area, however, with almost 95 percent of organisations surveyed having up-to-date security software deployed across their endpoints.

“Given that we are all about to be connected to a national network with basically unlimited bandwidth, we need to start taking the risks posed by these targeted attacks seriously. Otherwise we may start to miss out on some of the opportunities that will emerge,” said Mr Biviano.

Research highlights for the eight countries, with percentages of organisations surveyed: 

Have a documented process for handling security incidents

1st           USA                     93.0%

8th           Australia              80.4%

Critical information cannot be copied or saved onto endpoints

1st           USA                     89.9%

8th           Australia              79.1%

Critical information is encrypted

1st           US                       91.2%

8th           Australia              80.9%

Exchanging executables is prohibited via email and removable media

1st           Canada                 87.4%

6th           Australia               80.9%

Security software installed on client/server is always kept up-to-date

1st           Australia               94.7%

8th           Germany               88.1%

Understanding of how targeted attacks such as APTs work

1st           USA                      91.6%

8th           Australia               78.7% 

Security policy exists within the organisation, and is shared & communicated regularly with employees

1st           Canada                 95.6%

7th           Australia               84.4%

Regularly educating users on targeted attacks such as APTs

1st           UK                        87.3%

8th           Australia               72.9%    

Tags researchsurveytrend microAPTadvanced persistent threats (APTs)targeted attacksTrendmicroAdam Biviano

Show Comments