Summary of Telstra Security Report 2018


By Neil Campbell, Director, Global Security Solutions at Telstra Corporation Limited

A year in review for security

It has been a notable year for security across the globe. With events such as the WannaCry ransomware, NotPetya malware, the Equifax breach, and the leaking of hacking tools by a group called the Shadow Brokers, the past year has seen large scale cyber events dominate the headlines.

Organisations recognise that getting security right from the outset is a critical success factor for large IT transformation projects, and is essential for the customer experience.

Unfortunately, the risk of cyber attack is all too real. In 2017 cyber attacks not only resulted in the loss of intellectual property (IP), but impacted share prices and customer confidence, brought the threat of litigation, and caused businesses public embarrassment.

In the face of these attacks, many in the security industry are changing their stance from whether an attack will take place; to how often these attacks might be occurring, are they able to detect them when they do, and the subsequent impact on their business.

An overview of the Telstra Security Report 2018

In this dynamic and changing environment where connectivity underpins most businesses, this year’s report highlighted that organisations are increasingly attuned to the importance of security and the need to protect their organisation.

Our 2018 Security Report is more comprehensive than ever before. We interviewed over 1,250 professionals with decision making responsibilities in their organisation for matters of security, three times more than our 2017 report.

We expanded our geographic reach to 13 countries, once again including Australia and Asia, but also Europe and the UK. We also asked respondents specific questions about electronic security, including their challenges and budgets, not just traditional cyber security.

Some of the insights are surprising. Security professionals are overwhelmingly extending their remit from cyber security to electronic security, with over 99 percent of respondents responsible for cyber security indicating they are also responsible for electronic security. This suggests the market is at an early stage of addressing cyber and electronic together as one logical security domain.

Some of the findings are very encouraging. The industry is shifting its mindset, moving to a ‘expectation of breach’ mentality, and implementing a wide range of programs too, including security audits, risk assessments and compliance tools through to continuous end-user training. In many countries, there is also a strong focus on governance, risk management and compliance in the face of several new laws regarding privacy and breach reporting.

However, other findings are more concerning. Ransomware is on the rise and is becoming increasingly targeted. Respondents reported more ransomware attacks in this year’s survey than any previous years and 31 percent of Australian respondents whose business has been interrupted due to a security breach in the past year are experiencing these attacks on a weekly or monthly basis.

Cyber preparedness and incidence response

Security awareness continues to increase and our research indicates this is driving the adoption of certain frameworks, such as security audits, risk assessments and compliance tools through to continuous end user training.

Our research found that Australian, APAC and European companies tend to focus more on conducting security audits as their top priority, which is consistent with the results from our 2017 report.

The 2018 data indicates a trend whereby businesses are undertaking a number of security initiatives. There is no area being excluded per se this year, there are only varying degrees of priority…Click here to read full summary.