Australia's new labour law complicates cybersecurity efforts
Australia's recent "right to disconnect" legislation is presenting a complex challenge for cyber security teams. While this new regulation aims to address burnout rates, which affect 75% of professionals in the sector, it also complicates the battle against cyber threats, which do not adhere to standard business hours.
The Arctic Wolf Security Operations Report for 2024 brings to light the extent of this dilemma. The report, which analysed over 250 trillion security events, reveals that almost half (45%) of security incidents now occur outside traditional working hours, with 20% taking place during weekends. This data underscores the increasing need for 24/7 security monitoring as organisations adopt more cloud-based applications.
"Threat actors are known to strike outside of normal business hours, including on weekends and during the holiday seasons," the report states. These findings raise significant concerns for organisations trying to balance their security needs with the well-being of their staff.
The report also points out that the frequency of cyber-attacks has outpaced the growth in security budgets and tools. Despite record-high investments in cybersecurity, organisations are still grappling with widescale IT outages, thousands of new vulnerabilities, and targeted malicious actions by nation-state actors.
Arctic Wolf's Director of Security Services for ANZ, Mark Thomas, highlighted the challenges faced by security teams: "It's a double-edged sword. We welcome initiatives aimed at reducing burnout among cyber security professionals. However, the reality is threats don't take time off. Organisations need to find a balance between staff well-being and ensuring continuous protection against cyber threats."
The report points out the overwhelming sprawl of security tools as another critical issue. Identity and Access Management (IAM) tools have become the primary source of alerts for security operations teams, with identity telemetry accounting for seven of the top ten indicators of compromise during security events.
The technology sector, in particular, is noted for having one of the worst average security postures, trailing significantly behind highly regulated industries like Banking, Legal, and Healthcare. Despite these more stringent sectors demonstrating better overall security postures, they also remain under constant attack.
An additional key finding from the report is that widely used business applications are frequently targeted. Microsoft's software, in particular, accounted for three of the top four applications most exploited by attackers, signalling the urgency for IT and security teams to swiftly address and patch vulnerabilities.
Dan Schiappa, Chief Product and Services Officer at Arctic Wolf, emphasised the value of security operations: "Organisations that embrace security operations are more secure, more resilient, and better able to adapt to the ever-evolving threat landscape. However, very few organisations have the expertise or resources to build such capabilities on their own."
Schiappa added, "The insights and recommendations in our Security Operations Report will allow readers to not only understand the challenges we collectively face as a cybersecurity industry, but also consider practical steps on how organisations can advance their security journey and fortify their defences to better protect themselves from the evolving tools and tactics used by modern threat actors."
The Arctic Wolf Security Operations Report offers extensive insights, aiming to equip organisations with best practices to enhance their security outcomes amidst an increasingly complex threat landscape.