This claim comes via Accenture's "2018 State of Cyber Resilience study", which notes that "in retaliation, organisations are upping their game and now preventing 87% of all focused attacks compared to 70% in 2017".
In light of this progress, Accenture states "Australian organisations are looking to gain more ground by increasing their investment in innovative cyber-resilient solutions; with 79% of Australian respondents citing breakthrough technologies like machine learning, artificial intelligence and automation as being essential to this".
Joseph Failla, Accenture Security lead for Australia, said: “Only one in eight focused cyber attacks are getting through versus one in three last year, indicating that Australian organisations are doing a better job of preventing data from being hacked, stolen or leaked.
Addressing cyber security from the inside out
On average, Accenture's report shows "Australian respondents said only two-thirds (62%) of their organisation is actively protected by their cybers security program".
"And, while external incidents continue to pose a serious threat, the survey reveals that organisations should not forget about the enemy from within.
"Two of the top three cyber attacks with the highest frequency and greatest impact within Australian organisations are internal attacks and accidentally published information.
"While Australian organisations realise the benefits of investing in emerging technologies, more than half (53%) of Australian respondents cited legacy infrastructure as causing the biggest challenge in moving forward, compared to 45% globally.
"When asked which capabilities were most needed to fill gaps in their cyber security solutions, the top two Australian responses were cyber threat analytics (43%) and security monitoring (48%)."
Security teams find breaches faster
"It’s also taking less time to detect a security breach; from months and years to now days and weeks. Nearly half (41%) of Australian organisations are able to remediate a breach in 30 days or less, with 44% of Australian organisations being able to find breaches in 1-7 days.
"Although Australian companies are detecting breaches faster, security teams are still only finding 57% of them.
"This underscores the need for collaborative efforts among business and government to stop cyber attacks. When asked how they learn about attacks they have been unable to detect, Australian respondents indicated that nearly half (48%) are found by white hat hackers and almost two thirds (62%) through a peer or competitor."
Five steps Australian organisations can take to achieve cyber resilience include:
- Build a strong foundation. Identify high-value assets and harden them. Ensure controls are deployed across the organisation, not just the corporate function.
- Pressure test resilience like an attacker. Enhance red defence and blue defence teams with player-coaches that move between them and provide analysis on where improvements need to be made.
- Employ breakthrough technologies. Free up investment to invest in technologies that can automate defences.
- Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for strange activity at the most likely points of attack.
- Evolve the role of CISO. Develop the next generation CISO to be heavily involved in the business.
For the 2018 State of Cyber Resilience study, (executive summary of the report is available to download at the end of the linked page) Accenture "surveyed 4600 enterprise security practitioners representing companies with annual revenues of US$1 billion or more in 15 countries".
"The purpose of the study is to understand the extent to which companies prioritise security, the effectiveness of current security efforts and the adequacy of existing investments.
"More than 98% of respondents were sole or key decision-makers in cyber security strategy and spending for their organisation. For the purposes of this research, a cyber resilient business applies fluid security strategies to respond quickly to threats, to minimise damage and continue to operate under attack.
"It can therefore introduce innovative offerings and business models securely, strengthen customer trust, and grow with confidence."
The executive summary of the 2018 State of Cyber Resilience study can be downloaded at the end of this linked page.
Here is the infographic, please click it or click here for the full screen PDF version: