CFOtech Australia logo
Technology news for Australian CFOs and financial decision-makers
Story image

Understanding the weight on security leader’s shoulders, and how to shift it

By Contributor
Fri 20 May 2022

Article by Vectra.ai APJ director of security engineering, Chris Fisher.

Millions of dollars of government funding and internal budgets are being funnelled into cybersecurity to build resilience against sophisticated threats, indicating how serious this issue has become.

The latest Australian federal budget includes an almost $9.9 billion package to improve the country’s cybersecurity and intelligence capabilities. In New Zealand, Gartner finds that 73% of CIOs expect cybersecurity to be their biggest technology investment in 2022.

Meanwhile, the number of threats continues to skyrocket. In 2021, 8,831 incidents were reported to CERT NZ, a 13% increase on 2020. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports. Across the ditch in Australia, over the 2020/21 financial year, the ACSC received more than 67,500 cybercrime reports, an increase of nearly 13% from the previous year.

When it comes to cybersecurity, threats have become more sophisticated and devastating to even large companies with sizable IT budgets. The commentary on the topic can be overwhelmingly negative and complicated.

In a bid to sift fact from fiction and provide actionable, tangible steps to creating a smarter security strategy, Vectra has released its A/NZ Security Leaders Research Report. This is part of a larger global study of 1,800 security decision-makers and focuses on uncovering how today’s organisations are tackling complex, modern cyber threats.

Uncovering the problems with security

According to Vectra research, the same digital transformation that is powering innovation has also dramatically expanded the attack surface. From the rapid proliferation of the cloud to the growing adoption of micro-services, DevOps and APIs, new pockets of opportunity are opening for cybercriminals to take advantage of.

To take an extreme example, in Australia, a report from the Australian Cyber Security Centre (ACSC) found that a quarter of cyber incidents reported to security officials within one-year targeted critical infrastructure, leading to potentially significant disruption in essential services, lost revenue and the potential of harm or loss of life. This trend follows suit in New Zealand, with the annual National Cyber Security Centre (NCSC) Threat Report showing there were 404 incidents affecting nationally significant organisations in the 2020/21 year, a 15% increase on last year’s total. 

Breaches today can disrupt operations, damage supply chains, destroy customer trust and open companies to regulatory fines. Often cyber-attacks cost companies a huge amount, to the point that they may not recover. In fact, in 2021, global data breach costs rose from $3.86 million to $4.24 million, and ransomware attacks resulting in stolen data and lengthy operational outages can end up costing many times that. Some companies have reported losses in the millions. This evidence alone reveals why cybersecurity is now a board-level issue.  

Within this threat landscape, what has become abundantly clear is that the old ways of defending operations are no longer working. Whether through system exploitation, phishing, using stolen accounts, or bypassing multi-factor authentication (MFA), there’s always a way in, and once inside, attackers are masters at staying hidden. To adequately defend against threats, security leaders and teams must evolve.

Four key factors that will drive change

The Vectra report found that in Australia and New Zealand, the majority (85%) of respondents stated that they felt traditional approaches wouldn’t protect against modern threats, and only 40% were confident their security tools would protect them. More than half (58%) reported they’d purchased a security solution that failed at least once, 60% were worried their tools had missed something, and 57% felt it was possible or likely they’d been breached while being unaware of it.

These findings make it obvious that security leaders are thinking about security, are aware that they’re on the back foot, and are looking for a better approach. The report also uncovered four key changes that can benefit organisations within the cybersecurity space.

For a start, a shift in thinking is required. Often, culture and mindset can be put aside in place of a technology solution, but this isn’t good enough. Security leaders need to consider how they can reorient their approach to threats, understand that attackers have the means to infiltrate even the most robust perimeters, and how to build a strong foundation. This starts at an employee level, first with the leaders within the organisation and then right down to the latest hire. A strong company culture with a security-first mindset will do a lot to build a strategy that works.

Part of the shift in thinking understands that a prevention first approach will no longer be enough. Legacy tooling and thinking is an impediment in the new threat landscape. Even so, many organisations continue to over-invest in a doomed prevention strategy that fails silently, leaving them open to being breached. We must move into detection over prevention thinking and protect against attackers in the way they are actually operating, as opposed to how you may think they are.

Another key focus for security leaders is their relationship with c-suite management and the board. As the propensity and cost of breaches increase, these key stakeholders are waking up to the risks posed by cyber-attacks, but they are not the experts. Security leaders need to find more effective ways to communicate risk and educate on how best to mitigate these risks, and get crucial buy-in for their strategies.

Finally, the report found that legislation and guidelines offer a useful starting point for businesses, with guidance and regulations helping to ensure businesses have a base security layer within their organisation. Even so, greater industry involvement and experience can help to make regulation more effective and offer a clearer understanding of the threat landscape, so leaders can move into implementing effective detection and response plans.

Finding a way forward

Genuine resilience begins with the right attitude. Many cybersecurity professionals understand that they simply can’t rely on legacy prevention-based tools any longer, nor can they rely on government advice and outdated input from boards. 

By accepting this, CISOs can begin to create the right conditions for effective cyber risk management and stop breaches before they have a heavy impact. By doing so, organisations will be able to continue to evolve their culture and security strategy to protect against threats and win in their area of expertise.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Bitdefender, Cohesity, Fortinet & MODIFI
We round up all job appointments from June 27-30, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Digital wallets
NFTs are ready to disrupt the ticketing world
The last few months have seen NFTs wielded by digital creators to take ownership over their craft and content. Now other industries are beginning to understand the real-world value that these nifty decentralised tokens can provide.
Story image
Artificial Intelligence
Juniper study reveals top AI trends in APAC region
Juniper's research shows an increase in enterprise artificial intelligence adoption over the last 12 months is yielding tangible benefits to organisations.
Story image
Infrastructure
New VMware offerings improve cloud infrastructure management
VMware has unveiled VMware vSphere+ and VMware vSAN+ to help organisations bring benefits of the cloud to existing on-prem infrastructure.
Story image
Tech job moves
Tech job moves - ActiveCampaign, Arcserve, LogRhythm & Qlik
We round up all job appointments from June 17-22, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Consumer
Adobe survey reveals link between brand trust and consumer buy-in
Adobe has announced results from a study, which finds a strong correlation between brand trust and consumer behaviour.
Story image
Talend
Forrester names Talend Leader in enterprise data fabric
Forrester has named Talend a leader among enterprise data fabric providers in the Forrester Wave: Enterprise Data Fabric, Q2 2022 report.
Story image
Cryptocurrency
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
MarTech
Martech experts reveal the “buzz” on personalisation
In the digital age, innovative technology must be leveraged to power an efficient and effective relationship marketing strategy.
Story image
Accounting
One in five Aussies never reimbursed for work expenses
A new survey has exposed Australian employee job dissatisfaction, with many being left out of pocket for work expenses. 
Story image
Contact Centre
Customer service agents don't want to return to contact centres
A new report has revealed that 85% of customer service agents want to work full-time at home and not return to contact centre offices.
The Access Group
Health and social care organisations are currently under significant financial pressure. Find out how financial transformation can help provide an effective route forward.
Link image
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Fintech
Corpay announces new collaboration with Triterras
Corpay and fintech firm Triterras have announced a new collaboration between Corpay’s Cross-Border business and Triterras Inc.    
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why its time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Market growth
Salesforce unveils new offerings for consumer goods companies
Salesforce has announced new products for consumer goods companies to help brands navigate increasing market complexity more easily.
Story image
DNS
DigiCert acquires DNS Made Easy and affiliated brands
Greg Clark comments, says, "This combination enhances the security of certificate validation and enables the automation of future validations."
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Story image
Dicker Data
EXCLUSIVE: Why women in IT makes good business sense - Dicker Data
The Federal government wants to bolster female participation in the tech industry to at least 40% by 2030. Here's how one homegrown Australian company has already reached that goal.
Story image
Robotic Process Automation / RPA
Salesforce announces latest generation of MuleSoft
Salesforce has introduced the next generation of MuleSoft, a unified solution for automation, integration and APIs to automate any workflow.
Story image
Digital Transformation
Stax and Consegna partner to accelerate modernisation
According to a statement, the new alliance will help both companies expand their reach across the region and realise joint goals.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
MSP
Video: 10 Minute IT Jams - An update from CyberArk
Olly Stimpson joins us today to discuss the importance of MSP programmes and how MSP partners are experiencing success with CyberArk.
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
New Relic
How to tackle the great brain drain in the tech industry
Attracting and retaining tech talent in Australia and New Zealand is becoming increasingly challenging, with the 2022 Hays Salary Guide showing a startling 91% of employers facing a skills shortage.
The Access Group
Increasing headcount isn't always the best way to grow. A good financial strategy can help solve many issues, and The Access Group shares the secret to success.
Link image
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
Sustainability
Honeywell launches new carbon energy management software for buildings
The new Carbon & Energy Management service allows building owners to track and optimise energy performance against carbon reduction goals, down to a device or asset level.
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.
The Access Group
Struggling to understand which transformative technologies will help your business? The Access Group provides a look into key opportunities and impacts for finance.
Link image
Story image
Digital Transformation
What CISOs think about cyber security, visibility and cloud
Seeking to uncover the minds of CISOs and CIOs across Asia Pacific, my company recently asked Frost & Sullivan to take a snapshot of cloud adoption behaviour in the region.
Story image
Testing
Video: 10 Minute IT Jams - An update from Tricentis
Tricentis provides software testing automation, and software quality assurance products for enterprise software.
Story image
Digital Transformation
Google Cloud launches new Digital Accelerator bundles for Aussie SMBs
The new bundles are designed to help Australian small and medium-sized businesses embrace digital transformation and take their businesses online.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
NaaS
Survey finds 94% of Australian IT leaders looking at NaaS
Aruba’s latest survey reveals a rising interest in NaaS among Australian technology leaders as they re-evaluate their current infrastructure and network setup.
Story image
Civil Defence
OutSystems platform chosen as part of ADF contract
"To be included in this project is a reflection of our ability to deliver secure, modern digital outcomes for defence at an incredible pace."