The biggest cyber security threats experienced by Australian organisations
By Jim Bulling and Michelle Chasser
The Australian Government Australian Cyber Security Centre (ACSC) has released its 2015 Cyber Security Survey: Major Australian Businesses. 149 organisations across a number of sectors, including banking and finance, defence and energy, responded to the survey which provides some interesting insights into cyber security activity and concerns for the future.
According to the survey the top 10 cyber security incidents experienced by respondents on their networks in the previous 12 months were:
- ransomware (72%)
- malware (66%)
- targeted malicious emails (59%)
- virus or worm infection (30%)
- theft of mobile devices and laptops (30%)
- trojan (27%)
- remote access trojans (20%)
- unauthorised access (25%)
- theft or breach of confidential information (23%)
- unauthorised access to information from an outsider (17%)
While the level of most cyber security incidents remained stable since the previous government survey undertaken by CERT Australia in 2013, ransomware attacks against respondent organisations have increased to 4 times of those reported in 2013.
Respondents were also asked which cyber security threats are of most concern to their organisation. The concerns largely reflect the incidents which have previously been experienced by organisations. The top 10 concerns were:
- ransomware or scareware (72%)
- theft or breach of confidential information (70%)
- targeted malicious emails (67%)
- advanced persistent threats (APTs) (66%)
- unauthorised access to information from an outsider (62%)
- social engineering (58%)
- unauthorised access to information from an insider (56%)
- loss or destruction of information (55%)
- loss of service ability (54%)
- virus or worm infection (52%)
Also of note, more respondents were concerned about trusted insiders of the organisation causing the threat (60%) than anyone else including hacktivists (55%) and organised criminal syndicates (54%).
Your organisation should consider how it is positioned to prevent, identify and respond to the above cyber security threats which are currently affecting Australian businesses.
The ACSC survey results can be found here.