Australia’s government-funded organisations have stronger cyber security than their counterparts anywhere in the world, in the eyes of a large multinational that analysed a year’s worth of data from 10,000 clients on six continents.
While auditors-general often recommend government agencies need to improve cyber security, the report suggests that in general, local publicly funded bodies are a long way from being the weakest in the international herd.
They are collectively twice as well-prepared to respond to cyber attacks as the average government organisation in the world, according to Dimension Data’s latest executive guide to the Global Threat Intelligence Report produced by its corporate sibling NTT Security.
Australia’s government sector scores 2.92 out of five for cyber maturity, compared to 1.45 for the worldwide public sector, based on mountains of data collected for a year up to last September.
The view at Dimension Data Australia is this was “primarily due to the government sector having been subjected to high attack volumes in previous years” and that new regulations like the Notifiable Data Breaches law have had a positive influence in security.
Probably for marketing reasons, the report compares Australia to entire regions of the world, all of which contain a mixture of nations at widely varying levels of development.
However, the public sector rankings show the Asia-Pacific is still way ahead of the rest without Australia included, scoring 2.38 while Europe rates 1.35, the Middle East and Africa gets 1.19, and the Americas scores 1.15 for cyber security maturity in government organisations.
The vendor also found a lot of cyber-ambition in the Australian public sector, reporting its IT leaders are aiming for a “future state” that would rate a muscular 4 on the same scale, on average.
These two scores — for the government sector in Australia and in the Asia-Pacific respectively — are the highest of any sector in any geographic area listed in the report.
Dimension Data’s 25-page briefing also provides insights from NTT Security’s 2018 statistics on cyber attacks, such as the most common types, where they come from and the most popular targets.
It leads with seven key take-away messages about the latest threats and the company’s advice on the best ways to combat them, based on the masses of data analysis available to it.
In 2018, 21% of cyber attacks in Australia targeted government organisations while 26% were aimed at financial institutions — compared to only 13% for both sectors in 2017 — and 38% came from within the country, while 24% originated in the United States.
Crypto-jacking, where hackers hijack computing power to mine cryptocurrencies, is increasingly popular while credential theft is also reportedly on the rise. A lot of new vulnerabilities were also discovered last year — 12.5% more than in 2017 and more than in any other previous year.
The report suggests that generally, even the world’s most cyber-secure organisations have a lot of work to do, even just to meet their own ambitions.
“Globally, the average cybersecurity maturity rating languishes at a worrying 1.45 out of 5 – a score determined by an organisation’s holistic approach to cybersecurity from a process, metrics and strategic perspective. This comes during a time when security vulnerabilities have also surged to a record high (up 12.5% from 2017).”
Australia does not stand out nearly as much in the results for all sectors, with an overall score of 1.65. The Middle East and Africa led overall in 2018 on 1.77, from the global vendor’s perspective, while it gave the rest of the Asia-Pacific region 1.45.
The scores ares derived using the standard Capability Maturity Model as applied to cyber security, according to a spokesperson. The data comes from assessments the firm conducts as part of its advisory service and analysis of client data including: “log, event, attack, incident, and vulnerability data; incident response engagements; threat intelligence; and other research sources.”