Australian businesses are facing a rising tide of cybersecurity threats and despite $6bn of forecast spending on the sector this year it remains a huge headache for companies.

New Zealand’s stock exchange, NZX, is just one high profile business that has been hit by a string of cyber-related incidents over the past few weeks.

Cybersecurity threats are increasing for three reasons, Hector Daniel Elbaum, chairman and chief executive of Australian cybersecurity company VeroGuard Systems told Stockhead.

Firstly, current methods of identity and credential protection are failing because of a lack of secure digital identity and credentials when accessing systems and data online.

Stolen user credentials are the most common point of attack in hacking attempts, Elbaum said.

Secondly, extended supply chains and the Internet of Things have increased the number of potential entry points for hackers, making companies more vulnerable to attack.

Half of organisations in an IBM Ponemon Institute survey said they had suffered a security breach through one of their vendors.

Thirdly, cyber criminals are becoming more effective and efficient at harvesting personal data in social, government and corporate systems.

It takes an average of 206 days to identify a cybersecurity breach and 73 days to contain it, according to the IBM Ponemon Institute survey.

The threats and breaches have accelerated during COVID-19 and the current pandemic is exacerbating the already compromised position,” Elbaum said.

 

WFH creating a weak point for cybersecurity

Remote working as a response to the pandemic is placing IT professionals in a difficult position as they try to rapidly scale access to non-critical domains for work-from-home (WFH) employees.

“The scale of WFH and uncertainty of a rapidly changing pandemic allows cyber criminals greater options and opportunities for cyberattacks,” he said.

The threat level for cyberattack can increase for WFH employees because of poor wifi security, stretched support services, a lack of robust digital identity infrastructure and increased pressure on company detection systems and IT personnel.

VeroGuard’s platform protects online privacy by providing identity security that eliminates cyber threats and is easily and rapidly deployable for companies. The company is currently raising investment from sophisticated and professional investors in a pre-IPO funding round.

ASX tech stocks with cybersecurity applications have been a focus for investors.

 

Malware, account hijacking and targeted attacks

Malicious software or malware, account hijacking and targeted attacks are the top three types of cybersecurity breaches, according to computer security firm McAfee.

“Cybersecurity attacks are on the rise as cyber criminals are leveraging the world’s need for information on COVID-19 as an entry point into systems across the globe – and this is of great concern to all industries, including the finance sector,” McAfee Asia-Pacific regional director Joel Camissar told Stockhead.

“What started as a trickle of phishing campaigns and the occasional malicious app swiftly turned into a surge of malicious URLs and capable threat actors.”

The software security firm observed 375 threats per minute, and WFH has increased the exposure of companies to potential cybersecurity breaches, its July quarter report said.

Opportunistic cyber criminals are targeting employees working from home during COVID-19.

“Cyber criminals see a remote, distracted and vulnerable workforce as opportune targets,” Camissar added.

Top internet protocol address locations for external cloud account attacks from January to April include Brazil, China, India, Laos, Mexico, New Caledonia, Thailand, the US and Vietnam, McAfee said.

There were 518 incidents of personal data breaches in the first half of 2020, up 16 per cent on the corresponding 2019 half year, the Australian Information Commissioner said.

Criminal attacks accounted for 61 per cent of all data breaches in the period, Camissar said.

Main types of cybersecurity breaches. Source: McAfee

Cybercrime outpaces cybersecurity spending

Spending on cybersecurity is soaring and in Australia is expected to exceed $6bn this year, due to the increased challenges of COVID-19, up from $4bn last year, according to VeroGuard’s Elbaum.

Even this level of spending may not be enough, and it has already exceeded industry estimates of reaching $4.7bn by 2026, he said.

Despite the amount of money being spent on cybersecurity, the costs of cyber-crime are growing more quickly, Elbaum said.

“The economic impact from cybersecurity is estimated to reach $US6 trillion in 2021, up from $US600bn in 2017,” he said.

The security cost of protecting global publicly accessible computer cloud systems is set to reach $US700bn by 2022, or twice the $US350bn value of the system itself.

Adding to the issue of cybercrime, is Australia’s apparent skills shortage in cybersecurity.

“Australia has substantial gaps to other countries on developing local cybersecurity technology, innovation and companies,” Elbaum said. “The investment in cyber security is not keeping up with the rate of losses from cyber-crime.”

Countering cybersecurity threats

Governments could help to lower the risk of cybersecurity threats by building a secure identity platform for its citizens and business that can eliminate credential compromise.

“Detection and remediation as a priority simply has not worked and will not catch up to the increased sophistication of threats,” Elbaum said.

“The criminals have larger incentives and rewards to build the resources that avoid detection.”

Governments also need to beef up the cybersecurity resilience of Australia’s critical infrastructure such as water, power and traffic systems, and build on its sovereign capability.

“Cyber threats are starting to be recognised for the significant disruption they can cause on our economy and welfare,” Elbaum said.

“We need to treat the cyber threat equally to attacks by sea, air and ultimately land particularly knowing that they can be launched from anywhere in the world, without notice.”

Read MoreCOVID-19Cyber SecurityInformation Technology

You might be interested in