Lead Machine green 160x1200

Lead Machine green 160x1200

Lead Machine green 600x108

Friday, 06 May 2022 14:52

85% of Australian organisations suffered a ransomware incident in the past five years, 72% tried to keep it quiet; ExtraHop report Featured

By ExtraHop
Rohan Langdon ExtraHop ANZ Country Manager Rohan Langdon ExtraHop ANZ Country Manager

COMPANY NEWS: Newly released ExtraHop Cyber Confidence Index Report reveals critical under-investment in crucial areas of IT, keeping confidence assessment levels low.

ExtraHop, the leader in cloud-native network detection and response, today released findings from a new survey that shows 85% of organisations in Asia Pacific were breached by ransomware at least once in the past five years, but only 28% publicly disclosed that an incident occurred.

The ExtraHop Cyber Confidence Index - Asia Pacific Report 2022, conducted by StollzNow Research, sheds light on discrepancies in how Australian IT decision makers (ITDMs) see their current security practices, and the reality of the ransomware attack landscape.

It shows that both outward and inward perceptions of security can be deceiving.

Externally, 72% of organisations will try to keep a ransomware incident quiet, telling few people if anyone, and certainly doing their utmost not to make it public knowledge.

Meanwhile, growing cybersecurity budgets don’t necessarily buy improved degrees of protection and confidence, with only 43% of ITDMs in Australia expressing a high degree of confidence in their organisation’s ability to prevent or mitigate cybersecurity threats, and an equal percentage having low confidence. Of those that are confident, many shouldn’t be. Lax security practices, continued reliance on legacy technology, and actual attack numbers all suggest that confidence levels may be overstated or unrealistic.

This may explain why executives in the region don’t back transparency or disclosure of incidents, since they can’t be confident history won’t repeat itself. It often does: on average, every Australian business that identifies as a ransomware victim was infected—or reinfected—yearly in four of the past five years.

As executive committees and directors become more educated in cybersecurity risks, and accountable for those risks to shareholders and regulators, ITDMs and security teams are likely to face more detailed questions and future audits of their security posture, decision-making and protections, particularly as it relates to budget and resource allocation. Boards and executive committees may be driven to undertake their own separate due diligence on ‘low confidence’ environments and indicators.

“Security leaders in Asia Pacific are facing a challenge. They’re in disagreement with executives around disclosure, they’re getting increased budgets but it doesn’t feel like enough, and there is worry around legal obligations,” said Jeff Costlow, CISO, ExtraHop. “These leaders need to focus on their risk tolerance for their IP, data, and customer data and arm their teams with the tools and network intelligence that can help them defend their most critical assets. This survey reinforces the challenge organisations face in preventing attacks. Let’s arm defenders with the tools and forensics needed to prevent an intrusion from becoming a full-blown breach.”

Key Australian research findings include:

  • The cost of ransomware is high: 35% of organisations in Australia have paid a ransom, despite a majority believing that paying increases the number of attacks. Organisations are more likely to have specific insurance for ransomware (42%) than to rely on a general business insurance policy (34%).
  • Ransomware attacks come in numbers: Only 15% of Australian respondents to this study said they experienced no ransomware incidents in the past five years; 53% had experienced 1-5 attacks, while 32% had experienced 6 or more. But 22% of organisations wouldn’t tell anyone if they were breached anyway, suggesting the proportion of organisations hit by ransomware is probably a lot higher.
  • Corporate leaders and security teams disagree on disclosure: Only 28% of Australian organisations are public and transparent about ransomware attacks; 50% let some people know but keep it as private as possible and 22% tell no one. This is largely against the wishes of IT security personnel, of whom 66% feel it would be better to be transparent and public about ransomware attacks.
  • Australian firms are less worried about official repercussions: While the ‘stick’ of legal action and fines can promote action on cybersecurity by senior management in certain jurisdictions, only 64% of Australian respondents agree with this statement than their Asia Pacific-wide counterparts.
  • An attentive focus on supply chain risks: A minority (44%) of Australian organisations allow third-party access to their networks, and most (87%) have considered the security aspects.
  • Budgets on the rise: Two-thirds (66%) of Australian organisations expect cybersecurity budgets to increase in 2022, while 31% expect to see stable budgets year-on-year. Very few expect cybersecurity budgets to decrease.
  • Under-resourcing is still too high: 5% of Australian organisations do not have a dedicated internal team or external team. This may seem a low figure, but if applied to all organisations it is a very large number that lack basic cybersecurity protection. Being a part of this cohort is a cause for concern.
  • Slow response times to critical vulnerabilities: Only 31% of teams are able to enact mitigations or apply a patch (where available) in under a day, with 42% taking one-to-three-days, 17% needing a week, and 6% requiring a month or more.
  • Legacy technology hit confidence: 44% of Australian respondents last updated their cybersecurity infrastructure in 2020 or before; 14% of organisations have technology that has gone at least three years without being updated. Additionally, 69% state they are concerned about legacy systems being attacked.

Even as companies continue to innovate with cloud technologies and remote workforces, IT infrastructures remain vulnerable to past architectural decisions, with obsolete protocols providing ongoing opportunities for attackers to infiltrate networks and unleash ransomware attacks. A lack of visibility and effective use of data has also contributed to organisations' obstacles in identifying vulnerabilities and preventing ongoing ransomware attacks.

“High levels of fear around the security implications of legacy environments, and the very real threat of multiple breaches a year, is a reminder of just how quickly cybersecurity postures can become outdated and vulnerable,” said ExtraHop ANZ country manager Rohan Langdon.

“Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before it can compromise the business."

Organisations should look for ransomware mitigation tools that can capture network communications across all devices, and use technologies like behavioural analytics and artificial intelligence to detect behaviours that signal a ransomware attack in progress. By leveraging a network detection and response platform, defenders can detect and stop the lateral movement and other post-compromise activity of ransomware attackers before they achieve real damage.

Next steps

The report identifies several courses of action that Australian organisations intend to take in 2022:

Network detection and response: 40% intend to invest in network detection and response systems this year, adding to the 36% of organisations that already have such systems in place.

Social engineering strategy: 36% of respondents plan to implement a social engineering strategy in 2022, building on the 30% that already have one in place today and the 46% that train staff to recognise social engineering cues. This correlates with a finding that over half (55%) of ITDMs are already confident in staff ability to identify cyber- and social engineering attacks.

Improved threat training and identification: 43% plan to implement staff threat training, while 50% plan to improve the speed of threat identification.

Onboarding more resources: 40% of organisations plan to increase or recruit dedicated internal security staff. The same proportion (41%) intend to engage external managed security services in 2022.

Australia struggles for staff

The research shows that 43% of Australian ITDMs are very or completely confident in their ability to handle cyber threats. Within that, confidence varies: 77% are confident of preventing attackers from breaking into internal networks, for example, while only 19% say they can always identify and block ransomware. Australian teams will mostly emerge from 2022 with more budget than the previous year, but may still find it difficult to attract resourcing; 63% say it is difficult to find staff for the cybersecurity team, although work-from-home options have broadened the possible skills pool.

Read 2112 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous



Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News