News
Vendors

New Tenable study reveals Australian organizations cannot prevent 42 percent of cyberattacks

November 02, 2023
Tenable OT Security works on asset discovery and visibility, offers vulnerability, threat detection

Exposure management firm Tenable published a new study revealing that Australian organizations could not prevent 42 percent of cyberattacks on their businesses, only successfully stopping 58 percent of cyberattacks over the past two years. Consequently, organizations have had to rely on reactive measures rather than preventing attacks from occurring in the first place. 

The study further revealed that 75 percent of Australian respondents believe their organizations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 56 percent indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hampering their capacity to take a proactive stance.

The data is drawn from the Australian edition of ‘Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia,’ a commissioned study of 825 IT and cybersecurity professionals including 100 Australian respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.

The study, which underscores the importance of a proactive, rather than reactive, approach to cybersecurity, emphasizes how fragmented cybersecurity tools obstruct organizations from consistently and accurately assessing their cyber risks. Furthermore, the findings indicate that significant challenges arise not just from external threats, but also from inherent issues within the organization’s own structure and operations.

“Siloed cybersecurity tools, and by extension, the teams behind them, are inadvertently preventing organizations from having a clear, continuous and comprehensive view of their cyber risk,” Scott McKinnel, country manager at Tenable ANZ, said in a statement. “Internal mindsets further complicate matters, and make collaboration between IT and security teams challenging. The findings show that 48 percent believe coordination between these teams is difficult, while 62 percent highlight IT is more concerned with system uptime over patching and remediation.”

The Australian government has advocated for companies to rely less on third-party tech providers because of the cyber risks involved. The study validates this concern highlighting that even though 65 percent of organizations use a third-party program for software and services, a little under half (46 percent) have high and very high visibility into third-party environments.  

McKinnel noted, “While there are no quick fixes to these challenges when we look at key differences between low-maturity and high-maturity organizations across the overall sample, some themes begin to emerge that can serve as a guide for organizations looking to reduce their risk.”

  • Low-maturity organizations are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organizations preventively defended against 61 percent of the attacks they experienced and reactively mitigated against the rest. In low-maturity organizations, 56 percent of attacks were preventively defended while 44 percent were reactively mitigated. 
  • High-maturity organizations see the value in data aggregation: 57 percent use aggregation tools to collect and analyze data to quantify risk exposure, compared with only 46 percent of low-maturity organizations. 
  • High-maturity organizations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57 percent of high-maturity organizations say it takes 11 hours or more to produce such reports, compared with 72 percent of low-maturity organizations.

Last week, Tenable expanded its partnership with Siemens Energy to further secure operational technology (OT) environments in the energy sector.  Building on years of collaboration, Siemens Energy will integrate Tenable OT Security into their Omnivise T3000 control system as a network intrusion detection system (NIDS), in addition to already leveraging Tenable OT Security for asset discovery and vulnerability management.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation