Australian organisations have reported the highest rate of data breaches compared to global markets in 2023, according to a new survey. However, they were less likely than their global peers to suffer a “significant” cyberattack.
According to backup and recovery company Rubrik, Australia’s faster adoption of technologies, including cloud computing, is part of the story. The company has urged Australian organisations to review their backups to improve cyber resilience.
Approximately 8 in 10 Australian organisations experienced a cyber incident
The State of Data Security: Measuring Your Data Risk report, based on a survey of 1,600 global IT and security leaders as well as telemetry data from 6,100 Rubrik customers, measured the frequency of cyber incidents related to business email breaches, data breaches, ransomware attacks, insider incidents, and inadvertent data exposure.
The report found that the data breach rate among Australian businesses was 50% higher than the global average. Other findings showed that:
- 82% of Australian organisations will experience a cyber attack of some kind by 2023.
- 94% of organizations globally experienced a “significant” cyberattack, although the report did not define what a “significant” cyberattack includes.
- Data breaches were the most common attack style in Australia, accounting for 54% of all incidents, compared to the global average of 38%.
- BEC attacks were found to be the second most common attack method in Australia, occurring in 45% of cyber incidents.
- Throughout 2023, Australian organizations experienced an average of 28.17 attacks, which Rubrik says is on par with the global average of 28.12.
Antoine Le Tard, vice president for Asia-Pacific and Japan at Rubrik, said the report's findings showed Australia was a favorite target for cyber attackers in part because the country “is a mature market and an early adopter of enterprise and cloud security technologies.”
“Local organisations have therefore been investing heavily in perimeter security over the past decade, but Australia holds the unenviable title of world leader in data breaches,” he said.
Cloud environments are a very important target
Cloud environments were the most frequently attacked in Australia, although attacks were observed across a range of infrastructures due to the widespread adoption of hybrid environments in Australia.
According to the Rubrik report, in Australia:
- 75% of respondents reported malicious activities targeting cloud environments.
- SaaS was the second most attacked environment, with malicious activity reported by 60% of respondents.
- On-premises infrastructure was the third most targeted, reported by 46% of organizations.
Globally, Rubrik found that the majority of cloud tenants were attacked, with two in three compromised:
- 67% of respondents globally experienced an attack in a SaaS environment.
- 66% had experienced an attack in a cloud environment.
- 51% experienced an attack in an on-premises environment.
Rubrik’s cloud findings were supported by research from cybersecurity firm Proofpoint, which found that 94% of cloud tenants were attacked every month last year and 62% of attacked cloud tenants were compromised.
Rubrik warns that blind spots are rampant in the cloud
Rubrik said the cloud carries inherent risks, particularly with vulnerable sensitive data, even though it is a powerful business enabler. The firm identified three security blind spots in the cloud:
- Object Storage: According to Rubrik, 70% of all data in a typical cloud instance is object storage, which is typically not machine-readable via security devices.
- Unstructured data: 88% of all data in object storage is text files or semi-structured files, making machine readability difficult, even if tools and processes enable visibility into object storage.
- Sensitive information: More than 25% of all object stores contain data covered by regulatory or legal requirements, including protected health information or personally identifiable information.
Australian organisations are also victims of ransomware attacks
While data breaches were the most common type of attack experienced in Australia, ransomware accounted for more than a third (or 36%) of local cyber incidents, compared to 33% globally.
Rubrik noted that Australian organisations were particularly willing to pay ransoms to cybercriminals. In fact, 97% of businesses reported having paid a ransom to recover data or stop an attack.
The report also showed that:
- In 70% of reported ransomware cases in Australia, a ransom was paid after an encryption event, or when criminals encrypted an organization's data and demanded a ransom to restore access.
- In 54% of cases, a ransom was paid due to extortion threats or cases where criminals exfiltrated organization data and threatened to publish it if the ransom was not received.
Recorded Future tracked 4,399 publicly reported ransomware attacks across all industries with its ransomware tracker last year, a 70% increase year-on-year. Le Tard said the high percentage of businesses paying a ransom following an encryption event suggests many Australian organisations are placing too much faith in perimeter defences.
“They are simply not prepared to recover their own data after a successful attack,” he explained.
Rubrik advocates for Australia to increase its cyber resilience
Rubrik says the prevalence of attacks should prompt Australian organisations to seriously consider adopting cyber resilience strategies (focusing on business continuity and recovery after cyber attacks) and prevention. According to Rubrik’s report, in Australia:
- Lack of leadership involvement is the most common limiting factor after a cyberattack (22%).
- Ineffective backup and recovery solutions were the second most common limiting factor (21%).
- 17% of organizations cited lack of experience in organizational security as a factor.
- 77% of Australian organisations that experienced a cyberattack chose to invest in new technology and increase spending following an attack (vs. 55% globally).
Le Tard explained that “a comprehensive backup strategy is the best defense” against ransomware attacks.
“It allows the victim to quickly recover their own data without having to pay the attackers,” he said. “But investing in this space often requires the organization to accept that breaches are inevitable.”
