Australian businesses strengthen cybersecurity, rattled by major organisational breaches

AUSTRALIAN enterprise leaders are steadily recognising and unearthing growing threats, assessing risks and changing strategies to better detect and respond to attacks, according to a new ISG Provider Lens report

The recent series of damaging, high-profile data leaks in Australia has changed the way Australian organisations approach enterprise security and procure cybersecurity services, according to the new research published today by Information Services Group (ISG, Nasdaq: III), a global technology research and advisory firm with runs on the board in cybersecurity.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia has found the attacks revealed escalating threats and changed cybersecurity from solely an information technology (IT) issue to a closely monitored enterprise challenge.

“Australian companies recognise the business dangers of data leaks,” ISG Cybersecurity director for ANZ and Asia Pacific, Joyce Harkness said.

“Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.” 

The Australian Government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organisations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives.

More recently, the Federal Government unveiled the 2023-2030 Australian Cyber Security Strategy, aimed at making Australia one of the most cyber secure nations in the world by 2030. The government also appointed the Australia’s first cyber security coordinator and began operationalising the Security of Critical Infrastructure Act 2018.

Plugging security capability gaps

Recent attacks revealed that even large Australian enterprises had cyber capability gaps, the report said.

Most had invested heavily in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the ‘attack surface’ has expanded with the rise of remote work, digital engagement, an expanding supply chain and the internet of things (IoT).

Mistakes inside organisations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.

ISG reported that, as a result, Australian enterprises had “begun to assess their risk tolerance, evaluate current controls and take an ‘assume breach’ approach, recognising that not all breaches can be prevented and focusing on rapid detection and response”.

As they migrate to the cloud over the next few years, many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report said.

The report deduced that companies with multiple cybersecurity tools, “which often generate false positives that require manual intervention” will also need greater automation and interoperability to relieve the pressure on security operations centres (SOCs). The role of artificial intelligence (AI) is expected to grow exponentially, often to secure IoT assets.

“We expect strong growth in the Australian security market over the next five years,” ISG Provider Lens Research partner and global leader, Jan Erik Aase said.

“Enterprises and providers will be investing heavily in both new technologies and essential skills.”

Australian business tries to get it right

The report also explored other cybersecurity trends in Australia, including the increasing adoption of zero-trust frameworks and next-generation identity and access management (IAM) to maintain high-level security while enabling improved customer experience.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia evaluates the capabilities of 82 providers across six quadrants: identity and access management (IAM), extended detection and response (XDR), security service edge (SSE), technical security services, strategic security services, and managed security services (SOC).

The report named IBM as a leader in four quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, NTT DATA, Telstra, Tesserent, Verizon Business and Wipro as Leaders in three quadrants each. Microsoft is named as a Leader in two quadrants.

Bitdefender, Broadcom, Cato Networks, CGI, Cisco, CrowdStrike, CyberArk, EY, Forcepoint, HCLTech, Infosys, Kasada, KPMG, Netskope, Okta, Palo Alto Networks, Ping Identity, PwC, SailPoint, Tech Mahindra, Unisys, Versa Networks, VMware and Zscaler are named as leaders in one quadrant each.

In addition, Kyndryl is named as a ‘rising star’ — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. BeyondTrust, HPE (Aruba), Macquarie Telecom Group and SentinelOne are named as rising stars in one quadrant each.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia is available through https://isg-one.com

 

ends