Security getting bigger piece of IT budgets

Sophos has released additional findings from its survey report, The Future of Cybersecurity in Asia Pacific and Japan, suggesting that 12% of Australian tech budgets are now dedicated to cybersecurity, an increase from 6% the previous year.

The report, compiled in collaboration with Tech Research Asia (TRA), reveals that Australian organisations have identified threat hunting as a key consideration for strengthening cybersecurity defences. Most organisations (97%) undertook threat hunting to bolster their cybersecurity capabilities in 2021; of those that did, 87% stated the approach is critical or important to their company’s overall cybersecurity capabilities.

“It’s great to see organisations taking cybersecurity more seriously, with budgets and maturity levels on the rise and organisations looking to build threat hunting into their cyber defence strategies,” said Aaron Bugal, global solutions engineer at Sophos.

“Given that threat hunting has become a priority for the majority of organisations, it’s interesting to see that cybersecurity professionals rank ‘not being able to keep up with the pace of threats’ in their top five frustrations in 2022, as indicated in the survey.

“Even with the additional investment, organisations need to ensure they are not overstating their maturity levels and the implementation of threat hunting solutions, leading to complacency. With increased maturity and investment, one would think successful cyber attacks would decline; however, they continue to wreak havoc,” he said.

Sophos says it is important for organisations to review strategy regularly and address the gaps, particularly as the company has seen an uptick in the number of instances where organisations are being attacked multiple times — sometimes simultaneously.

“Organisations must be active in their approach to combatting cyber attacks, with threat hunting functioning as an always-on activity and not a once- or twice-a-year exercise. Organisations must constantly be on the front foot to identify and thwart attacks, and regular and consistent threat hunting is key to this; failure to do so means organisations will remain vulnerable,” Bugal said.

Organisations are reactive and passive in their approach to cybersecurity

Thirty-seven per cent of Australian companies surveyed haven’t made a change to their information or cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity — something that must be addressed as a priority. The driving factor behind a change in strategy is an attack or breach, leading to an “attack, change, attack, change” cycle, a trend observed since 2019. More than half (53%) of the respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organisations take to managing their security.

“Cybersecurity strategies must move with — or even faster than — the threat landscape and, sadly, that’s not happening at the moment. By updating cybersecurity strategies after a successful attack, organisations will always remain in a reactive state and continue to be easy targets for attacks. Organisations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and who also have access to telemetry and artificial intelligence for faster detection and response capabilities,” Bugal said.

Image credit: iStock.com/BlackJack3D