Moving to a cyber resilient mindset

Moving to a cyber resilient mindset

Cyber-attacks continued to dominate in 2021, starting with the widespread SolarWinds attack and ending with the Log4j vulnerability that took everyone by surprise. These attacks, and others, further highlighted vulnerabilities in the supply chain and the wide-ranging nature of Information Technology (IT) ecosystems.

In a year where the challenges caused by COVID-19 were due to end, many organisations were required to extend remote working or in some cases, move to permanent remote working options for employees, requiring sustained oversight of virtual environments.

2021 saw more focus and collaboration from governments, both locally and on a global scale, to help improve cyber resiliency. Australia, Canada, United States, United Kingdom, and New Zealand released best practices for incident response. Locally, both Australian and New Zealand Governments have invested in more cyber security funding and updated legislation, such as the Security of Critical Infrastructure Bill and Online Safety Act.

For the sixth year in a row, we surveyed organisations across Australia and New Zealand to identify the challenges and threats faced in 2021 and what organisational leaders have prioritised to protect their key assets and infrastructure. 

Cyber resilience is key

Cyber resiliency is now becoming the focus point for organisations, governments and regulatory bodies.  Cyber resiliency is having a mindset that cyber attacks can, and will, happen and to be as prepared as possible. Organisations can achieve this by knowing what assets they are trying to protect, having appropriate controls (and testing these controls), being able to quickly identify attacks, limit the scope of these attacks and remove attackers from the environment as quickly as possible.

Shifting attitudes to proactive security investment

Our survey showed that more organisations are taking proactive measures to become cyber resilient and help prepare for, and defend against, cyber attacks once they happen. Organisations are now investing in core response capabilities, such as dedicated incident response teams and security operations centres (SOCs), to enable swift identification of threats.

Cyber intelligence is another area that organisations see as a key factor to their cyber defence playbook, with over 60% of respondents saying they now proactively receive this information.

Nonetheless, organisational leaders remain cautious in their approach, seemingly appropriate when facing the challenges in hiring cyber security professionals and increased dependency on third-party services.

Threat landscape

The risk of a cyber attack or data breach is still a top concern for boards and executives, which perhaps (and positively) is leading to more investment in cyber security. Laying the foundation and getting the basics right is a key component of managing cyber security threats.  Over the last few years, our survey has seen an increasing focus on cyber risk management and control implementation overall, covering a broad focus, ranging from governance measures to technical controls.

Ransomware is here to stay

Ransomware is still a major concern for organisations. While prominent criminal groups are now focusing on large and highly lucrative targets, they are also selling their tools to less equipped organisations as ‘ransomware-as-a-service’ (RaaS). These RaaS tools can be purchased in the same way as legitimate software but on the dark web, and are targeted at organisations of their choosing as a subscription service. This is another worrying trend in the cyber criminals evolving model and shows criminals now operate with a traditional business mindset.

The 2021 Cyber Security Survey Report is a valuable tool, helping your organisation stay ahead of the growth of sophisticated cyber attacks. Benchmark your approach against industry peers, and equip yourself with trend data, to assess and optimise your organisation’s cyber security.


2021 Cyber Security Survey Report

Download: 2021 Cyber Security Survey Report