A recent study spearheaded by Tenable, an Exposure Management firm, demonstrates that 68% of Australian cybersecurity and IT leaders perceive cloud infrastructure as the leading source of cyber risk within their organisational structures. This perceived risk stems largely from the application of public clouds (34%), multi-cloud services (19%), and private clouds (15%). The findings were part of the Australian edition of 'Old Habits Die Harmful: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia', conducted by Forrester Consulting on behalf of Tenable.
Notably, 74% of Australian respondents expressed that correlating user and system identities, access, and entitlement data exudes intricate complexity, intensifying their cause for concern. Despite the clear understanding of user identity importance, over half (53%) of organisations admitted to grappling with the integration of such vital data into preventive cybersecurity strategies, indicating a stark contrast between recognition and practical application.
These apprehensions mirror the recently published Australian Signals Directorate Cyber Threat Report 2022-23. It reported an invariably emerging vulnerability in cloud infrastructure, revealing that 41% of data breaches target cloud services, local systems, or complete networks. With 59% of organisations heavily relying on cloud technology, the report solidifies evidence of endangerment to Australia's cybersecurity landscape.
Amplifying these precarious circumstances, cyber adversaries targeting Australia's critical infrastructure have observed a surge of almost a third in the past year. The Tenable study shed light on the troubling lack of data hygiene in user data and vulnerability management systems, impeding employee prioritisation decisions in nearly 63% of participants. Additionally, 56% of organisations dedicate a significant portion of labour towards security infrastructure reporting, representing 11- 20 hours per month. The study suggests a need for regular strategic discussions on organisational security, considering that only 14% hold such meetings yearly.
Furthermore, 65% of respondents confirmed that they devote the efforts of 25 or more employees to tasks associated with cybersecurity tools deployment, supporting, maintaining, and managing vendor relationships. This illustrates that effective cybersecurity measures necessitate a considerable human resource investment.
Commenting on the research, Scott McKinnel, ANZ Country Manager at Tenable, said, "Vulnerabilities associated with identities and entitlements pose the most significant threat to cloud infrastructures within the public cloud. The intricate web of cloud complexity, marked by identity sprawl and layers of policies undergoing frequent changes, adds to the difficulty of comprehending access risk and permissions."
McKinnell underlined that overcoming these hurdles not only needs technical prowess but also a contextual understanding of assets, vulnerabilities, and their alignment with business targets. The research throws a spotlight on the challenges that Australian organisations need to navigate to fortify their cybersecurity measures, particularly in the rapidly evolving realm of cloud infrastructure.