Tenable has published new findings highlighting that the vast majority of Australian cybersecurity and IT leaders (68%) view cloud infrastructure as the greatest source of cyber risk in their organisation. The perceived risks stem from the use of public cloud (34%) and/or multi-cloud (19%) and private cloud infrastructure (15%).
Respondents are particularly worried about the complexity introduced when trying to correlate user and system identities, access, and entitlement data. Within this context, 74% of Australian respondents emphasised the importance of considering user identity and access privileges. However, 53% say their organisations struggle to integrate this crucial data into preventive cybersecurity practices, revealing a gap between recognition and practical implementation.
These findings are part of the Australian edition of “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia,” based on a commissioned study of 825 IT and cybersecurity professionals including 100 Australian respondents conducted in 2023 by Forrester Consulting on behalf of Tenable. The report outlines the challenges and risks associated with cloud infrastructure.
The findings align with the recently published Australian Signals Directorate Cyber Threat Report 2022-23, revealing a growing vulnerability in cloud infrastructure. According to the report, 41% of data breaches are aimed at compromising cloud services, local systems, or entire networks. This poses a significant concern for Australia, given that 59% of organisations rely on cloud technology. Notably, cyber adversaries are increasingly targeting the nation’s critical infrastructure, with such attacks rising by nearly one-third in the past year.
As well as specific cloud security concerns, the Tenable study highlights that nearly 63% of respondents express that a lack of data hygiene in user data and vulnerability management systems prevents employees from making prioritisation decisions. Additionally, 56% of organisations invest 11- 20 hours monthly in security infrastructure reporting. While 62% hold monthly meetings on business-critical systems, a significant 14% conduct such meetings only once a year, indicating a need for more consistent strategic discussions on organisational security.
The study also showed that 65% of respondents allocate 25 or more employees to tasks related to deploying, supporting, maintaining, and managing vendor relationships for cybersecurity tools. This underscores the substantial human resources required for effective cybersecurity measures.
“This research underscores that vulnerabilities associated with identities and entitlements pose the most significant threat to cloud infrastructures within the public cloud,” said Scott McKinnel, Country Manager ANZ at Tenable. “The intricate web of cloud complexity, marked by identity sprawl and layers of policies undergoing frequent changes, adds to the difficulty of comprehending access risk and permissions. Effectively addressing this challenge demands not only technical expertise but also a contextual understanding of assets, vulnerabilities, and their alignment with business objectives.”
Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals at large enterprises in the U.S., the U.K., Germany, France, Australia, Mexico, India, Brazil, Japan and Saudi Arabia. The study was fielded in March 2023 and commissioned by Tenable.
*Note: Total percentage may not equal separate values due to rounding.
