Organisations could detect a security breach in less than 90 days
Fortinet has revealed the findings of its 2022 Networking and Cybersecurity Adoption Index, a major research study examining the cybersecurity readiness and approach of Australian and New Zealand (ANZ) enterprises. While companies tend to consider themselves well-prepared in general, the report uncovered that fewer than 49 per cent of ANZ organisations could detect a security breach in less than 90 days, with 23 per cent taking between two and three months.
The index produced a score for respondents between zero and 100, with zero being completely unprepared and 100 being extremely well-prepared when it comes to cybersecurity. It incorporated three pillars of success: people, process, and platform.
Overall, the index revealed a score of 75, which means that organisations are, for the most part, doing a reasonable job of ensuring cyber resilience. People and platform both scored 77, which is positive. However, enterprises were let down on the process side, with a score of 72 indicating room for improvement.
Australian and New Zealand organisations face ongoing cyberthreats with the potential to cause significant harm to the company and to individuals. Coping with the ever-evolving threat landscape requires enterprises to combine people, processes, and platforms in an ongoing cycle of improvement to strengthen the organisation’s cyber resilience. This can be challenging as companies continue to grapple with the ongoing cybersecurity skills shortage, as well as a shortage of subject matter experts in this space. This means that organisations must ensure their most talented and skilled people are focused on the most important threats rather than on managing multiple point solutions, which can be costly and inefficient.
Key findings of the report include:
- 63 per cent of organisations provide training for employees and 58 per cent of staff consider themselves very well trained, suggesting room for improvement
- 53 per cent of respondents considered themselves highly prepared to deal with breaches and cyber exploit threats; however, enterprises need to be aware of the risk posed by remote, isolated systems that can leave them exposed
- fewer than 49 per cent of organisations said they had achieved disciplined adherence to established best practices and just 48 per cent said they had achieved transparency around risk vulnerability
- 65 per cent of companies conduct regular maintenance of software updates and security patches, which is a key line of defence in mitigating security risks
- only 49 per cent of organisations could detect a breach within 30 days, suggesting most enterprises remain exposed for longer than that.
Jon McGettigan, regional director Australia, New Zealand, and the Pacific Islands, Fortinet, said, “This year’s Fortinet Networking and Cybersecurity Index demonstrates that, while organisations tend to consider themselves well prepared to face cyberthreats, many of the specific actions needed to be genuinely prepared are not given the attention they need. CISOs and CIOs must look to educate their boards to understand the importance of building maturity and deal with gaps in knowledge. Leveraging cybersecurity awareness training from providers can significantly increase the cyber skills and capabilities of IT teams and deliver real value for enterprises and individuals alike.”
This year’s Networking and Cybersecurity Adoption Index indicates opportunities for organisations to deal with advanced persistent cybercrime and reduce operational risk through increasing the maturity level of the business. Companies can deal with their cybersecurity challenges by:
- Establishing zero-trust security to protect against unauthorised access. A zero-trust approach creates a far more secure environment that protects against unauthorised access to sensitive data and digital assets.
- Investing in leading-edge security technologies using automation and artificial intelligence tools. Organisations implementing artificial intelligence-based tools can significantly improve their cyber resilience and future-proof their networks.
- Implementing a cybersecurity mesh architecture approach to future-proof networks. Companies should look to implement a cybersecurity mesh architecture approach to reduce the risk of cyberattacks. Embracing a mesh approach will lower costs and complexity while providing adaptability, reliability, and scalable protection.
- Providing training and awareness programs for all employees. Online cybersecurity training is beneficial to help employees protect themselves and the company against growing cyberattacks and threats. Alerting employees to the many threats that exist will keep them from making mistakes that could threaten the safety of the enterprise.
Jon McGettigan said, “This year’s Networking and Cybersecurity Adoption Index showed that organisations must invest more time into training employees. Cybersecurity is everyone’s responsibility and it’s essential to ensure that everyone knows how to do their part in keeping the enterprise safe.
“The index also revealed a real opportunity for improvement on the process side. Companies are investing in cybersecurity tools yet failing to fully realise their value by not putting appropriate and mature processes in place around those tools. Enterprises that focus on improving processes may see their overall cyber resilience improve.”
The 2022 Fortinet Networking and Cybersecurity Adoption Index is based on a survey of more than 150 enterprise decision-makers across Australia and New Zealand. The survey targeted people holding leadership positions responsible for cybersecurity, including CISOs and CIOs. Respondents represent a broad range of organisations, including manufacturing, healthcare, and technology as well as critical infrastructure sectors such as mining, energy, and transport.