Thursday, 02 June 2022 20:28

EVENT VIDEO: Fastly shows 75% of Australian IT leaders attribute size of today’s attack surface to web app proliferation

New research shows over half of businesses struggle to reduce the risk of attacks, leaving them fearful of compromise, particularly by nation-states and other types of threat actors. The study also predicts this situation will continue if critical cybersecurity skills shortages aren’t addressed, and if organisations do not employ detection technologies that are effective in production, provide real-time visibility, and integrate with existing tools and processes.

Fastly is a global edge cloud platform provider. The company started in 2011, landed in Australia with two points of presence in 2015, and in 2019 expanded its Australian footprint and opened local offices.

The pandemic then arrived in 2020, setting off the biggest boom in digital acceleration the world has ever seen. Fastly was well placed to cope, as it combines "the world’s fastest global edge cloud network with powerful software," helping its customers "develop, deliver, and secure modern distributed applications and compelling digital experiences."

The company proudly boasts many global customers including Pinterest, The New York Times, and GitHub, with A/NZ customers including Freelancer, Kogan, Linktree, Nine, NRL, Radio New Zealand, Seven Network, Trademe and Vodafone.

On Monday, May 30 2022, Fastly released new research in partnership with Ecosystm that shows 75% of Australian businesses are now living with a vastly increased attack surface caused by their reliance on web-based applications. Large attack surfaces are routinely sought out and tested by attackers looking for less-protected entry points into corporate IT environments.

The detailed, 18-page Fastly/Ecosystm PDF white paper titled "How are Australian Companies Adapting to the New Threat Landscape?" can be freely downloaded here (without needing to register first).

According to its survey, organisations in Australia moved en masse to more decentralised IT architectures over the past two years, but still struggle with some of the cybersecurity implications of these kinds of digital- and cloud-first operating models. Cloud, web applications and the APIs that enable these apps to integrate and exchange data rate highly in the risk and challenge assessments by CIOs, IT directors and technology leaders of Australian organisations. API endpoints, cloud service provider authentication, and enterprise open source software are all seen to pose considerable risks as potential entry points for attackers.

Inadequate controls around these architectural elements, coupled with a lack of operational maturity and reliance on traditional defensive postures, have Australian business leaders on edge and fearful of attacks. The survey shows that 65% of large enterprises in Australia rate nation state attacks as a very high or high risk to their organisations. There is also concern among leaders of all business sizes over credential stuffing, which attackers may use to try to compromise cloud accounts and individual as-a-service logins.

Here is the event in full, with Fastly executives including Derek Rast, Area Vice President A/NZ, and Stephen "Max" Gillies, Technology Evangelist APAC, as well as Fastly customer Agathe Savard, a Security Leader & Strategist and the Senior Director for Security and Risk at the Campaign Monitor Group, along with members of Australia's IT media at a lunch event. The research findings were presented by Andrew Milroy, Ecosystm's Principal Advisor. There is plenty more information thereafter, so please read on!

The research also shows that:

  • IT leaders expect to increase focus on the security of web applications in the next two years, but more likely in 2023. Digital has dominated IT strategies over the past two years, but operating securely in a majority or fully web- or cloud-based environment means living with elevated risk tolerances and discomfort for security teams.

  • Application security often comes off second in the competition for attention and funding. Over half (53%) of IT leaders say they’re prioritising “other digital transformation projects” above application security in 2022, while 39% say “other business initiatives” - outside of IT - are taking priority, to the detriment of cybersecurity.

  • More than 40% of leaders identify cloud misconfiguration as being still among their top five cybersecurity challenges. Despite the attention and focus this issue has received in the past couple of years, and the rise of low-code/no-code platforms and configurations, cloud environments remain complex, and errors or misunderstandings mean even experienced engineers can encounter cost overruns and/or unintended data exposure risks. This is higher for enterprises (41%) than for large (22%) and medium-sized (26%) organisations.

  • The key challenge for managing application security initiatives is complexity. 55% of leaders say too many third parties are involved in end-to-end security of their applications, pointing to the new reality of operating in a cloud-, web- and API-driven world.

That is because a typical response by decision-makers to the increasing complexity of their technology environments is to deploy additional new security solutions. But that approach means nearly half of Australian companies have more than 50 cybersecurity tools, and are battling alert fatigue and high false positive rates as a result.

Organisations need a modern cybersecurity posture that enables them to anticipate threats before they happen, and respond instantly when attacks occur. They need security controls that are capable of automatically sensing, detecting, reacting, and responding to access requests, authentication needs, and outside and inside threats. Administration and application of these controls should also be automated to a high degree to improve coverage and consistency, and reduce the burden on Security Operations Centres (SOCs) and cybersecurity practitioners.

“As Australian companies move deeper into digital transformations, they come up against a known problem: the challenges of securing a rapidly rising number of mission-critical cloud services and API-centric applications,” said Derek Rast, Area Vice President Australia and New Zealand at Fastly.

“The tools these companies use to secure their digital-first, cloud-first and microservices-based architectures need to evolve. Traditional web application and API security tools fall short in this regard. Leveraging Web Application Firewalls (WAFs) and Content Delivery Networks (CDNs) should be part of a holistic defence-in-depth security strategy.”

Cyber threat responsiveness is itself under threat

Illustrating perfectly the cyber maturity challenges faced by Australian companies is the lack of consistency in the operating parameters, powers and preparedness of cyber threat and incident response teams.

The research finds one in three cyber threat response teams lacks the support of key internal stakeholders, is unclear about escalation points for incident management, and doesn’t have the authority to confiscate or disconnect equipment and monitor suspicious activity, including from senior management.

In addition, when it comes to cyber threat response planning:

● Only 54% have a full plan that includes legal and corporate communications teams

● 50% rehearse the plan at least once a year; the other half practise less frequently or don’t practise at all

● 48% have a timeframe for additions and improvements to the plan, and hold senior leaders responsible for making the improvements

Enterprises are more likely than large or medium-sized organisations to have a multi-stakeholder plan that is well-rehearsed. However, they’re also more likely to be subjected to regulated requirements for incident planning and response. This is supported in the study by compliance being identified as a major cybersecurity challenge facing organisations.

Enterprise still one step from the edge

Medium and large organisations are more likely than enterprises to be rethinking the way they deploy applications and business logic to end users and to be in active pursuit of that target state. The research shows 64% of medium-sized organisations and 56% of large organisations are embracing edge computing, moving business logic from application servers to an edge cache. By contrast, just 43% of enterprises are doing the same - 10% below the overall average.

Moving business logic from the backend to the edge not only increases application performance but can also substantially reduce an organisation’s risk, since user requests are funnelled through a single ‘front door’, instead of to any number of servers that host the application.

Methodology

The study represents the views of 200 cybersecurity decision-makers - mostly CIOs, IT Directors and equivalent titles - in Australia. The study was commissioned by Fastly and conducted in April-May 2022. It covers organisations of three sizes: medium (101 to 499 staff), large (500 to 999) and enterprise (1000-plus staff).

Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia’s best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows. Visit Alex at Twitter here.
