Australian businesses have scored poorly in an international survey of preparedness for the new generation of security threats, according to a multi-national survey by Trend Micro.
An online survey of IT managers polled more than 2000 companies, each with 500 or more employees, in several countries—Australia, Canada, the United States, Germany, UK, France, Brazil, and India. 225 firms were surveyed in Australia.
The research canvassed a wide range of attitudes and approaches to security, such as enforcement of access rights, encryption of information, and understanding of Advanced Persistent Threats (APT), the latest form of targeted attacks aimed at larger organisations.
Australian firms consistently ranked poorly to comparison to other nations in most of the criteria, with the US and Canadian firms appearing to be better prepared for emerging cyber-threats.
Adam Biviano, Trend Micro ANZ’s head of strategic products, said the results were surprising.
“Australian organisations ranked lowest in key areas, such as the encryption of critical information, educating staff about targeted attacks, and a general understanding of APTs. Perhaps Australian IT managers feel that distance makes them safer and less of a target, but cyber-criminals know no boundaries and the increasing number of data breaches shows that any Australian company can be targeted,” he said.
Australia did do well in one area, however, with almost 95 percent of organisations surveyed having up-to-date security software deployed across their endpoints.
“Given that we are all about to be connected to a national network with basically unlimited bandwidth, we need to start taking the risks posed by these targeted attacks seriously. Otherwise we may start to miss out on some of the opportunities that will emerge,” said Mr Biviano.
Research highlights for the eight countries, with percentages of organisations surveyed:
Have a documented process for handling security incidents
1st USA 93.0%
8th Australia 80.4%
Critical information cannot be copied or saved onto endpoints
1st USA 89.9%
8th Australia 79.1%
Critical information is encrypted
1st US 91.2%
8th Australia 80.9%
Exchanging executables is prohibited via email and removable media
1st Canada 87.4%
6th Australia 80.9%
Security software installed on client/server is always kept up-to-date
1st Australia 94.7%
8th Germany 88.1%
Understanding of how targeted attacks such as APTs work
1st USA 91.6%
8th Australia 78.7%
Security policy exists within the organisation, and is shared & communicated regularly with employees
1st Canada 95.6%
7th Australia 84.4%
Regularly educating users on targeted attacks such as APTs
1st UK 87.3%
8th Australia 72.9%