Cyber security inertia has gripped Australian organisations with 46 per cent of IT security professionals admitting they rarely change their security strategy, even in the wake of a cyber attack.\nThat\u2019s the latest findings from the CyberArk Global Advanced Threat Landscape Report 2018, which reveals that this level of \u2018cyber security inertia\u2019 - and failure to learn from past incidents - increases a company\u2019s vulnerability to attacks, putting sensitive data, infrastructure and assets at risk.\nThe survey was conducted among 1,300 IT security decision makers, devops and app developer professionals and line of business owners, across seven countries worldwide.\nAccording to the findings, the greatest cyber security threats respondents face include: targeted phishing attacks (56 per cent); insider threats (51 per cent); ransomware or malware (48 per cent); unsecured privileged accounts (42 per cent); and unsecured data stored in the cloud (41 per cent).\nOverall, findings reveal organisations are failing to secure privileged accounts and credentials in the cloud, on endpoints and across IT environments.\nFindings show 46 per cent of Australian professionals surveyed say their organisation can't prevent attackers from breaking into internal networks each time it is attempted.\n\u201cAttackers have almost limitless freedom and agility, and are constantly evolving their tools and techniques. Organisations, being much larger and more structured are not able to evolve their security strategy and controls to match this pace of change,\u201d said CyberArk A\/NZ regional director Matthew Brazier.\n\u201cPrivileged accounts and secrets are the assets that are targeted in almost every attack. These are the most prized assets for attackers as these allow them to bypass other security controls undetected. \n\u201cThe most cyber mature organisations in Australia have a deep awareness of their privileged asset landscape and have put in place strong controls around the way these are issued, used and audited. Aligning both defensive and alerting capabilities to protect these assets is fundamental to an effective security strategy.\u201d\nThe report also said 36 per cent of Australian respondents report that administrative credentials were stored in Word or Excel documents on company PCs.\nAdditionally, 50 per cent of Australian respondents admit that their customers' privacy or PII (personally identifiable information) could be at risk because their data is not secured beyond the legally-required basics. \nThe report notes that the \u201chands-off\u201d approach to securing credential and data in the cloud creates cyber risk. \n\u201cThe automated processes inherent in cloud and DevOps mean privileged accounts, credentials and secrets are being created at a prolific rate,\u201d the report said.\n\u201cIf compromised, these can give attackers a crucial jumping-off point to achieve lateral access to sensitive data across networks, data and applications or to use cloud infrastructure for illicit crypto mining activities. Organisations increasingly recognise this security risk, but still have a relaxed approach toward cloud security.\u201d\nGiven the inertia, the report found a change in security culture is needed \u2013 with 86 per cent of Australian respondents stating cyber security strategy should be a regular board-level discussion topic.\nBut just eight per cent of companies continuously perform Red Team exercises to uncover critical vulnerabilities and identify effective responses.\nCompared to the US (74 per cent), only 44 per cent of Australians surveyed said their company recognises or rewards employees who help prevent an IT security breach.