Australian organisations have reported the highest rate of data breaches compared with global markets in 2023, according to a new survey. However, they were less likely than their global peers to experience a “significant” cyber attack.
Australia’s quicker adoption of technologies, including cloud computing, is part of the story, according to backup and recovery firm Rubrik. The company has urged Australian organisations to review their backups to improve cyber resilience.
Approximately 8 in 10 Australian organisations experienced a cyber incident
The State of Data Security: Measuring Your Data’s Risk report, based on a survey of 1,600 global IT and security leaders as well as telemetry data from 6,100 Rubrik customers, gauged the frequency of cyber incidents related to business email compromises, data breaches, ransomware attacks, insider incidents and inadvertent data exposure.
The report found that the data-breach rate among Australian companies was 50% higher than the global average. Additional findings showed that:
- 82% of Australian organisations had experienced a cyber attack of any type in 2023.
- 94% of organisations globally experienced a “significant” cyber attack, although the report did not define what a “significant” cyber attack includes.
- Data breaches were the most prevalent style of attack in Australia, comprising 54% of all incidents, compared to the global average of 38%.
- BEC attacks were found to be the second most common attack method in Australia, witnessed in 45% of cyber incidents.
- Throughout 2023, Australian organisations experienced an average of 28.17 attacks, which Rubrik found to be on par with the global average of 28.12.
Antoine Le Tard, vice president – Asia-Pacific and Japan at Rubrik, said the report’s results showed Australia was a favorite target for cyber attackers partly because the country “is a mature market and early adopter of cloud and enterprise security technologies.”
“As such, local organisations have been investing heavily in perimeter security for the past decade, yet Australia holds the unenviable title of leading the world in data breaches,” he said.
Cloud environments are heavily targeted
Cloud environments were the most targeted environment in Australia, though attacks were witnessed across various infrastructures due to the widespread uptake of hybrid environments in Australia.
According to the Rubrik report, in Australia:
- 75% of respondents reported malicious activity targeting cloud environments.
- SaaS was the second most targeted environment, with malicious activity reported by 60% of respondents.
- On-premise infrastructure was the third most targeted, reported by 46% of organisations.
Globally, Rubrik found most cloud tenants were targeted and two out of three were compromised:
- 67% of global respondents experienced an attack in a SaaS environment.
- 66% had experienced an attack in a cloud environment.
- 51% experienced an attack in an on-premise environment.
Rubrik’s cloud findings were supported by research from cyber security company Proofpoint, which found that 94% of cloud tenants were targeted every month last year and 62% of targeted cloud tenants were compromised.
Blind spots proliferating in the cloud, Rubrik warns
Rubrik said the cloud comes with inherent risk — particularly with vulnerable sensitive data — even though it is a powerful business enabler. The firm identified three security blind spots in the cloud:
- Object storage: 70% of all data in a typical cloud instance is object storage, according to Rubrik, which typically is not machine-readable by security appliances.
- Unstructured data: 88% of all data in object storage is either text files or semi-structured files, making machine readability more difficult, even if tooling and processes allow object storage visibility.
- Sensitive data: More than 25% of all object stores contain data covered by regulatory or legal requirements, including protected health information or personally identifiable information.
Australian organisations also falling victim to ransomware attacks
While data breaches were the most common attack type experienced in Australia, ransomware accounted for more than a third — or 36% — of local cyber incidents, compared with 33% globally.
Rubrik noted that Australian organisations were particularly inclined to pay ransoms to cyber criminals. In fact, 97% of enterprises reported paying a ransom to recover data or stop an attack.
The report also showed that:
- In 70% of reported Australian ransomware cases, a ransom was paid after an encryption event, or when criminals encrypted organizational data and demanded a ransom to restore access.
- In 54% of cases, a ransom was paid due to extortion threats, or cases where criminals exfiltrated organisational data and threatened to publish it if a ransom was not received.
Recorded Future tracked 4,399 publicly reported ransomware attacks across all industries with its ransomware tracker last year — an increase of 70% year over year. Le Tard said the high percentage of businesses paying a ransom following an encryption event suggested many Australian organisations are placing too much faith in perimeter defences.
“They simply aren’t prepared to recover their own data following a successful attack,” he explained.
Rubrik argues for Australia to increase cyber resilience
Rubrik says that the prevalence of attacks should push Australian organisations to strongly consider cyber resilience strategies — focused on business continuity and recovery after cyber attacks — and prevention. According to Rubrik’s report, in Australia:
- A lack of leadership involvement is the most common limiting factor after a cyber attack (22%).
- Ineffective backup and recovery solutions were the second most common limiting factor (21%).
- A lack of organisational security expertise was noted as a factor by 17% of organisations.
- 77% of Australian organisations that experienced a cyber attack chose to invest in new technology and increase spending after an attack (versus 55% globally).
Le Tard explained that “a comprehensive backup strategy is the best defence” to ransomware attacks.
“It allows the victim to rapidly recover their own data without having to pay the attackers,” he said. “But investing here often requires an organisation to accept breaches are inevitable.”
