Despite modern business moving closer toward a paperless system, less than half of organisations in the professional, scientific and technical services sector have defined cloud cyber security standards, according to new research released by BDO.
The data is revealed in new research conducted by BDO, in conjunction with leading cyber emergency response team AusCERT, to help the market understand the cyber security challenges Australian and New Zealand businesses face, in an environment characterised by the movement of company systems and processes online.
BDO National Leader for Cyber Security Leon Fouche said sensitive corporate and customer data was a magnet for cyber criminals which attracted them to this sector.
“With such a big push to cloud-based systems, particularly in professional services industries, it’s concerning that not even half of the businesses in this sector have adopted and implemented cloud security standards,” Mr Fouche said.
“Another concerning observation is the low level maturity of mobile device management. Professional services organisations tend to have a mobile workforce who often work outside the office where their mobile device is the main communications device used to connect back to the office. It is concerning that only 40% of organisations currently have a mobile device management tool in place to manage mobile devices”.
“It’s critical these businesses pay close attention to their mobile device and cloud-based security as there is a lot of sensitive corporate and customer information criminals can use to commit financial and identity fraud”.
“They can also ask for ransom payments or release confidential information in the public domain, similar to the Panama Papers scandal earlier this year.
“To help mitigate this risk there are a couple of critical things businesses should implement as part of their enterprise risk management procedures.
“Firstly, they should undertake regular cyber security risk assessments (only 48.9% currently do this) and support this with a data loss prevention system (61.7% already adopt this) and data leakage and monitoring tools to detect when sensitive information leaves the organisation.
“They should also ensure staff awareness and education regarding cyber security is up to scratch, as users and their mobile devices are prime targets for cyber criminals wanting to find ways of accessing data held within this sector.”
Key professional, scientific and technical services statistics
Cyber security controls already or currently being adopted in the professional, scientific and technical sector (% of respondents reported)
- Patch management processes 7%
- Privileged account management 3%
- Email filtering system to block suspicious emails 6%
- Regular cyber security risk assessments 9%
- Cyber security awareness program 3%
Top three cyber security incidents experienced last financial year in the professional, scientific and technical sector (% of respondents reported)
- Malware/trojan infections 10%
- Phishing/targeted malicious emails 3%
- Ransomware 16.7%
Report snapshot:
- Less than 19% of respondents have or plan to have a senior management role responsible for cyber security (i.e. a chief information security officer)
- 47% of respondents have implemented security awareness training for staff
- Many respondents have already taken up endpoint and gateway controls like anti-virus (93%), website and internet filtering (75%), and email filtering to block suspicious emails (91%)
- 52% of respondents are performing regular security risk assessments, but only 49% regularly report cyber risks to the board.
- 40% of respondents can detect security incidents, but only 21% have a security operations centre in place to investigate and respond to security incidents.
- 48% of respondents have a cyber incident response plan in place and only 41% have a cyber incident response team or capability in place to respond to incidents.
- 44% of respondents have defined security standards for cloud and third parties or supply chain.