As organisations increasingly find themselves under attack, new data discovers them drowning in cybersecurity debt.
IT Security and Chief Information Security Officers have long struggled to articulate the cost of cybersecurity debt to their organisations. Yet doing so is key to getting the funding required to pay down this debt, since it can expose organisations to significant risk.
To put the cost of cybersecurity debt into perspective and help security leaders make a compelling case for addressing it, ExtraHop released the 2023 Global Cyber Confidence Index: Cybersecurity Debt Drives Up Costs and Ransomware Risk, which identified a link between cybersecurity debt and heightened exposure to cybersecurity incidents, including ransomware, among Australian and New Zealand organisations.
The research, which compares IT leaders’ cybersecurity practices with the reality of the attack landscape, found organisations experienced a significant increase in ransomware – from an average of four attacks over five years in 2021 versus four attacks over the course of one year in 2022. Of those who fell victim, 82% admitted to paying the ransom at least once.
As organisations increasingly find themselves under attack, the data discovered they are drowning in cybersecurity debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT and insecure network protocols that act as access points for bad actors. Key findings from the report include:
Outdated practices are to blame
Eighty percent of Australian and New Zealand IT decision-makers say outdated cybersecurity practices have contributed to at least half of the cybersecurity incidents their organisations have experienced. Despite these concerning figures, only 62% of respondents said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
Basic cyber hygiene is lacking
The survey found that all Australian and New Zealand respondents are running one or more insecure network protocols. Despite calls from leading technology vendors to retire SMBv1, which played a significant role in the explosion of WannaCry and NotPetya, 84% are still running it in their environments.
When it comes to unmanaged devices, 53% say some of their critical devices are capable of being remotely accessed and controlled and are exposed to the public Internet.
Confidence in cloud security is on the rise
As organisations move mission-critical applications and sensitive data to the cloud, the need to monitor cloud workloads has never been greater. With a greater focus on their cloud environments, 79% of respondents said they were completely or mostly confident in the security of their organisation’s cloud workloads.
Click below to share this article
