The survey found 82% of organisations have heightened security concerns due the ongoing prevalence of remote working.
Even though the 'crunchy on the outside, soft in the middle' security strategy fell out of favour many years ago, organisations now recognise it is significantly more challenging to protect staff and resources when they are operating outside the firewall and connecting over the public internet.
"These concerns are understandable as organisations were forced to make significant changes to their mode of operation in a very short space of time," said BeyondTrust APJ director of solutions engineering Scott Hesford,
|
|
"Even now, more than two years after the initial lockdowns, many feel they still have much more work to do to ensure they are protected against cyberattacks."
Current security challenges identified by the survey include securing remote workforces (89%) and the implementation of a zero trust strategy (82%).
"While zero trust is seen as an effective way to protect both remote users and IT resources, it is a challenging strategy to adopt," said Hesford.
"Many organisations understand the benefits such a strategy can deliver but are still struggling to achieve them."
While 55% of organisations allow third-party vendors to remotely access their internal networks only two-thirds of them provide VPN access for those remote third parties.
"Properly securing any VPN access is challenge for most organisations. We have seen a number of breaches over the last few years where VPN access has been leveraged by attackers to infiltrate corporate networks," said Hesford.
"Dedicated secure remote access solutions are far easier to manage and provide the audit trail and granular security required by frameworks such as zero trust, whether for IT or OT."
Progress in following the Federal Government's Essential Eight security guidelines by respondents is worryingly slow.
Just three-quarters of government responders indicated that their organisation was aligning to the Essential Eight, and that proportion falls to less than two-thirds of of non-government organisations.
Furthermore, although more than half of organisations have met the requirements of the Essential Eight around regular backups, only 24% restrict admin privileges, 16% use application control, and 19% have adopted user application hardening.
"Many organisations have struggled with particular aspects of the Essential Eight, such as application control," said Hesford. "Traditionally it is seen as complex to deploy with a long time to value.
"However, with modern endpoint privilege management solutions more organisations are finding that they can meet the requirements of the Essential Eight for application control, user application hardening and restricting admin privileges in a comprehensive way with minimal impact on users and low overheads for their support team."
Despite general concern about the economy, 61% of respondents expect their organisations to increase cybersecurity budgets in the coming year.
"This news is welcome as it shows that most organisations understand the importance of having robust security measures in place. With the threat landscape constantly changing, it is vital to deploy and manage a portfolio of security tools and services that deliver complete protection."
He added "The potential for a successful attack to cause significant disruption and loss is very real. By allocating spending and following guidelines such as the Essential Eight organisations can be sure they are prepared to withstand security threats as they appear."
An unspecified number of respondents were polled for the survey at the recent AusCERT conference on the Gold Coast and the Australian Information Security Association Cybercon Connect in Sydney.
