Intelligent CISO Issue 61 | Page 59

A find themselves under attack , new data discovers them drowning in cybersecurity debt .

ExtraHop report finds 82 % of Australian and New Zealand organisations paid up in ransomware attacks

s organisations increasingly

A find themselves under attack , new data discovers them drowning in cybersecurity debt .

IT Security and Chief Information Security Officers have long struggled to articulate the cost of cybersecurity debt to their organisations . Yet doing so is key to getting the funding required to pay down this debt , since it can expose organisations to significant risk .
To put the cost of cybersecurity debt into perspective and help security leaders make a compelling case for addressing it , ExtraHop released the 2023 Global Cyber Confidence Index : Cybersecurity Debt Drives Up Costs and Ransomware Risk , which identified a link between cybersecurity debt and heightened exposure to cybersecurity incidents , including ransomware , among Australian and New Zealand organisations .
Outdated practices are to blame
A large percentage ( 80 %) of Australian and New Zealand IT decision-makers say outdated cybersecurity practices have contributed to at least half of the cybersecurity incidents their organisations have experienced . Despite these concerning figures , only 62 % of respondents said they have immediate plans to address any of the outdated security practices that put their organisations at risk .
Basic cyber hygiene is lacking
The survey found that all Australian and New Zealand respondents are running one or more insecure network protocols . Despite calls from leading technology vendors to retire SMBv1 , which played a significant role in the explosion of WannaCry and NotPetya , 84 % are still running it in their environments .
When it comes to unmanaged devices , 53 % say some of their critical devices are capable of being remotely accessed and controlled and are exposed to the public Internet .
Confidence in cloud security is on the rise
As organisations move mission-critical applications and sensitive data to the cloud , the need to monitor cloud workloads has never been greater . With a greater focus on their cloud environments , 79 % of respondents said they were completely or mostly confident in the security of their organisation ’ s cloud workloads . u
The research , which compares IT leaders ’ cybersecurity practices with the reality of the attack landscape , found organisations experienced a significant increase in ransomware – from an average of four attacks over five years in 2021 versus four attacks over the course of one year in 2022 . Of those who fell victim , 82 % admitted to paying the ransom at least once .
As organisations increasingly find themselves under attack , the data discovered they are drowning in cybersecurity debt – unaddressed security vulnerabilities like unpatched software , unmanaged devices , shadow IT and insecure network protocols that act as access points for bad actors . Key findings from the report include : intelligent NETWORK SECURITY www . intelligentciso . com
59