Ongoing and unknown vulnerabilities in third-party systems are making them harder than ever to protect, with nearly three-quarters of Australian businesses citing the weaknesses as a major challenge to security confidence that continues to lag the world.
Just 22 percent of Australian companies responding to Accenture’s recent Securing the Digital Economy: Reinventing the Internet for Trust report – which surveyed over 1700 CEOs and C-suite executives across the globe – said they are confident in their Internet security.
That was well behind the 30 percent figure in other countries, suggesting that Australian companies are either particularly exposed to third-party risks, or have proven uniquely unable to manage those risks.
Password reuse continues to be one such risk, with the recent slew of credential-stuffing attacks highlighting exposure from poor password policies that had left many companies vulnerable to a series of user-credential leaks that had exposed 2.2 billion email address and password combinations.
Confidence in Internet security was dropping overall, with Australian organisations expecting this to drop to just 17 percent over the next five years – compared with 25 percent globally.
Countering this trend has become a significant priority for business executives who are increasingly finding themselves joining security executives at the front line of the cybersecurity battle.
“Strengthening Australia’s internet security requires decisive – and, at times, unconventional – leadership by CEOs, not just CISOs,” Accenture ANZ security lead Joseph Failla said in a statement.
“Conventional thinking on cyber resilience needs to be taken to the next level by looking beyond the traditional boundaries of a single organisation. To become a cyber-resilient enterprise, companies need to start by bringing CISOs’ expertise to the board, ensuring security is built-in from the initial design stage and that all business managers are held responsible for security and data privacy.”
Those executives are nearly unanimous in their support for tapping into the economic potential of the Internet and Internet of Things (IoT): three-quarters believe their economic potential would be unleashed by building a more trustworthy digital economy.
However, actually making this happen is proving tricky, with 77 percent of respondents saying their business is adopting new technologies faster than they can be secured – compromising hopes for improved cyber resilience.
Organisational structures weren’t helping companies to adapt, with another recent Accenture survey finding that 82 percent of companies continued to maintain centralised cybersecurity capabilities even though 73 percent of executives agreed that those capabilities should be dispersed around the organisation.
Just a third of Australian CISOs and business leaders collaborate on a cybersecurity plan and budget, the survey found – with just 21 percent saying business unit leaders are accountable for cybersecurity today.
This disconnect represents a major liability for businesses, with those same leaders likely to come into the firing line if their lack of cybersecurity involvement leads to a problematic data breach.
Microsoft, for one, believes improving the visibility of the corporate data-security environment is crucial in increasing participation amongst business and technology leaders. The company recently delivered GDPR-focused compliance and security dashboards designed to help companies improve their data security – no doubt a critical focus given the massive GDPR fine given to Google in January.
“There is no doubt that organisations are taking cybersecurity more seriously, however, there is still much work to be done,” Failla said. “Cybersecurity strategy needs to be led by the board, executed by the c-suite and owned at the front lines of the organisation.”
“Further, it must be infused across all aspects of a company’s processes and systems, and built into the daily work activities of employees. To be able to grow confidently, companies can establish sustained cyber resilience through a continual, proactive focus on cyber risk management at all levels.”