News Article

20 Nov 2019

Businesses still not understanding cybersecurity

The overall risk posed by cybersecurity threats has increased over the past 12 months and adoption of cloud technologies is by far the biggest reason, according to new research that found just 31 percent of organisations can mitigate a new risk within a month.

Cybersecurity risk was by far the most frequently named risk category facing organisations today, with 29 percent of the 4500 risk-management experts contributing to the ISACA-Infosecurity-CMMI Institute State of Enterprise Risk Management 2020 report nominating it as one of the three most important risk categories; reputation and financial risk were the other most frequently named.

That trend is only set to continue in the next 24 months, with fully a third of respondents expecting that cybersecurity will present the most critical risk to the business in that time.

The widely-feared BlueKeep vulnerability – which was deemed so important by Microsoft that it released an out-of-band patch for Windows XP – may have brought forward that timetable for many companies, with a recent BinaryEdge audit suggesting there are 4500 publicly accessible systems in Australia that are vulnerable to the flaw.

With reports suggesting that cybercriminals had recently achieved the first in-the-wild exploitation of BlueKeep and that attacks were still coming thick and fast, Tenable senior research engineer Satnam Narang said the reports should set alarm bells off for organisations that have yet to patch vulnerable systems.

“The risks here cannot be overstated – organisations must patch their systems immediately.”

Yet while cybersecurity threats emerged on a regular basis, respondents said that cybersecurity risk was as difficult to define and assess as strategic and reputational risk, and even harder than technology risk. In addition, cybersecurity risk was deemed to be as hard to mitigate as reputational and political risk – with 49 percent of respondents saying that mitigating cybersecurity risks was difficult or very difficult.

To read full article: https://www.cso.com.au/article/668378/businesses-know-cybersecurity-bad-still-aren-t-sure-how-fix-it/