A recent series of damaging, high-profile data leaks in Australia has changed the way Australian firms approach enterprise security and procure cybersecurity services, according to a new research report published by Information Services Group (ISG), a global tech research and advisory firm. The 2023 ISG Provider Lens Cybersecurity – Solutions and Services report for Australia finds that the attacks revealed escalating threats and changed cybersecurity from solely an IT issue to a closely monitored enterprise challenge.
“Australian companies recognise the business dangers of data leaks,” says Joyce Harkness, director, ISG Cybersecurity, for ANZ and Asia Pacific. “Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.”
The Australian government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organisations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives. More recently, the national government unveiled the 2023-2030 Australian Cyber Security Strategy, aimed at making Australia one of the most cyber secure nations in the world by 2030; appointed the nation’s first cyber security coordinator, and began operationalising the Security of Critical Infrastructure Act 2018.
Recent attacks revealed that even large Australian enterprises have cyber capability gaps, the report says. Most had invested in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the attack surface has expanded with the rise of remote work, digital engagement, an expanding supply chain and IoT. Mistakes inside organisations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.
As a result, Australian enterprises have begun to assess their risk tolerance, evaluate current controls and take an “assume breach” approach, recognising that not all breaches can be prevented and focusing on rapid detection and response, ISG says.
As they migrate to the cloud over the next few years, many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report says.
Companies with multiple cybersecurity tools, which often generate false positives that require manual intervention, will also need greater automation and interoperability to relieve the pressure on security operations centres (SOCs). The role of AI is expected to grow exponentially, often to secure IoT assets.
“We expect strong growth in the Australian security market over the next five years,” says Jan Erik Aase, partner and global leader, ISG Provider Lens Research. “Enterprises and providers will be investing heavily in both new technologies and essential skills.”
The report also explores other cybersecurity trends in Australia, including the increasing adoption of zero-trust frameworks and next-generation identity and access management (IAM) to maintain high-level security while enabling improved customer experience.
The 2023 ISG Provider Lens Cybersecurity – Solutions and Services report for Australia evaluates the capabilities of 82 providers across six quadrants: identity and access management (IAM), extended detection and response (XDR), security service edge (SSE), technical security services, strategic security services, and managed security services – SOC.
The report names IBM to lead in four quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, NTT DATA, Telstra, Tesserent, Verizon Business and Wipro to lead in three quadrants each. Microsoft is named to lead in two quadrants. Bitdefender, Broadcom, Cato Networks, CGI, Cisco, CrowdStrike, CyberArk, EY, Forcepoint, HCLTech, Infosys, Kasada, KPMG, Netskope, Okta, Palo Alto Networks, Ping Identity, PwC, SailPoint, Tech Mahindra, Unisys, Versa Networks, VMware and Zscaler are named to lead in one quadrant each.
In addition, Kyndryl is named to lead in two quadrants. BeyondTrust, HPE (Aruba), Macquarie Telecom Group and SentinelOne are named to lead in one quadrant each.
A customised version of the report is available from AC3.
Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow