The survey, Cybersecurity: The Human Challenge, conducted by security shop Sophos, canvassed the views of 5000 IT managers from 26 countries (break-up in graphic below), and also found that in Australia nearly two-thirds of firms outsourced their security, either in part or whole, compared to just 39% in other countries.
Top of the outsourcing list were China (76%), the UAE (74%), and Malaysia and Singapore (both 73%) where around three quarters of respondents already include outsourcing in their IT security delivery. At the other end of the scale, in
In other Australian-specific findings, Sophos said 40% of Australian organisations were prioritising the improvement of efficiency and scalability in their security solutions — the global figure was 39% — and only 17% said finding skilled staff was the single biggest challenge compared to the 27% who cited this issue globally.
Ransomware victims were found to be spending proportionally less time on threat prevention (42.6%) and more time on response (27%) compared to those who haven't been hit (49% and 22% respectively), diverting resources towards dealing with incidents rather than stopping them in the first place.
"The difference in resource priorities could indicate that ransomware victims have more incidents to deal with overall," said Sophos principal research scientist Chester Wisniewski.
"However, it could equally indicate that they are more alert to the complex, multi-stage nature of advanced attacks and therefore put greater resource into detecting and responding to the tell-tale signs that an attack is imminent."
The company said that, from analysing a recent attack by the Windows Ryuk ransomware, it had found that such attacks could often progressing at great pace. In this particular case, "within 3½ hours of an employee opening a malicious phishing email attachment, the attackers were already actively conducting network reconnaissance. Within 24 hours, the attackers had access to a domain controller and were preparing to launch Ryuk".
Said Wisniewski: "Our investigation of [this] attack highlights what defenders are up against. IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviours.
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber-threat awareness.
"However, their ransomware experiences also appear to have given them a greater appreciation of the importance of skilled cyber security professionals, as well as a sense of urgency about introducing human-led threat hunting to better understand and identify the latest attacker behaviour.
"Whatever the reasons, it is clear that when it comes to security, an organisation is never the same again after being hit by ransomware."