Transforming security for Australia
In the beginning, digital technologies were alien to organisations and their cultures. But over time this changed, as C-suites and boards became more familiar with digital and its unprecedented ability to transform growth. Today, digital is integral to core business strategies. Organisations are poised to do the same with cybersecurity. But first, organisations need to change the way they are approaching security:
Security teams are getting better—but there is still work to be done. Organisations are now preventing 80 percent of all targeted attacks. But they still face two to three security breaches a month.
Australian organisations could be cyber resilient in two to three years—but pressure grows daily. Ninety percent of respondents expect investment in cybersecurity to increase in the next three years but only 30 percent expect that increase to be significant (double or more).
New technology is critical—but investments are lagging. Seventy-nine percent agree new technology is essential. Only two out of five are investing in AI, machine learning and automation technologies.
Confidence remains high—but a more proactive approach to cybersecurity is needed. More than 80 percent of respondents are confident about monitoring for breaches. But 67 percent say cyber attacks are still a “bit of a black box” and do not know when or how they will impact their organisation.
The C-suite and board are more active in cybersecurity—but the CISO’s role must adapt. Nineteen percent of cybersecurity budgets are authorised by the board of directors and 24 percent by the CEO. The CISO’s role needs to evolve, to be more integrated with the business.
Five steps to cyber resilience
Organisations interested in innovative business models, building extended business ecosystems and adopting more flexible workforce arrangements need to find a secure and safe way to do so. Here are five steps that can help:
Build a strong foundation.
Identify high-value assets and harden them. Prioritise legacy systems. And prepare for the worst.
Pressure test resilience like an attacker.
Enhance both red attack and blue defence teams with player-coaches who use threat intelligence and communicate closely to provide analysis on where improvements need to be made.
Employ breakthrough technologies.
Automate defences. Use automated orchestration capabilities and advanced behavioural analytics.
Be proactive and use threat hunting.
Develop strategic and tactical threat intelligence. Monitor for anomalous and suspicious activity.
Evolve the role of CISO.
Progress the next-generation CISO—business adept and tech-savvy.