by Jennifer O'Brien

Phishing attacks top cause of data breaches in Australia: report

Oct 01, 2019
Artificial IntelligenceBusiness ContinuityCloud Computing

Ninety seven per cent of Australian businesses have suffered a data breach in the past 12 months, according to a Carbon Black threat report.

According to the results of the second Australian Threat Report – based on a survey of 250 CIOs, CTOs and CISOs across Australia – phishing attacks are the top cause of data breaches in Australia.

The results show that the threat environment is sustained and sophisticated with phishing attacks serving as the primary cause of data breaches.

“As we analyse the findings of our second Australian Threat Report, it appears businesses are adjusting to the ‘new normal’ of sustained and sophisticated cyberattacks,” according to Carbon Black head of security strategy, Rick McElroy.

“Greater awareness of external threats and compliance risks have also prompted businesses to become more proactive about managing cyber risks as they witness the financial and reputational impacts that breaches entail.”

The latest report from Carbon Black found phishing attacks (27 per cent) were the prime cause of breaches in Australia, according to respondents, indicating hackers are targeting the weakest link in the security chain – end users.

Phishing attack-related breaches were highest in government and local authorities at 44 per cent, followed by organisations in financial services at 25 per cent and manufacturing and engineering at 24.5 per cent.

The report also found that 56.5 per cent of Australian businesses surveyed noted a degree of financial damage associated with breaches, with 17 per cent saying the damage was severe.

Meanwhile, 75 per cent of respondents said they suffered damage to their corporate reputation. Reputational impact was felt most keenly in the government and local authority sector, with 44 per cent reporting severe damage, just ahead of the utilities sector where 43 per cent suffered severe fallout.

Australian organisations also reported feeling more confident (86 per cent) in their ability to repel cyberattacks than they did 12 months ago, the report found.

Forty three per cent of respondents said they feel a little more confident and 43 per cent feel a lot more confident, the report found.

“As the cyber defence sector continues to mature, businesses are becoming more aware of the tools at their disposal and the tactics they can use to combat cyberattacks.

“We believe this growing confidence is indicative of a power shift in favor of defenders, who are taking a more proactive approach to hunting out and neutralising threats than previously,” McElroy said.

But there are concerns about digital transformation, 5G rollout and cyber skills shortages.

Asked about the security around the implementation and management of digital transformation programs and 5G rollout only 2 per cent of Australian respondents said they had no concerns, while 49 per cent predicted it would offer more effective and destructive methods of cyberattacks.