Vinayak Sreedhar, Country Manager, Australia, ManageEngine, says awareness must be backed by action.
A recent report from ManageEngine on the cyber resilience of organisations in Australia and New Zealand unveiled a concerning trend.
While individuals and the organisations they operate in share a profound concern regarding cybersecurity breaches, a considerable gap exists between awareness and action within these organisations.
The report also highlighted that only 56% of organisations have taken measures to modify their existing cybersecurity protocols – despite being well-informed about breaches.
More alarming is the revelation that a significant 26% of organisations have done nothing to improve their security over the previous 12 months – with a further 17% being unsure whether adjustments have been made.
This unsettling pattern underscores a level of complacency that could potentially leave organisations vulnerable to further breaches.
The report identified the top four practices organisations are modifying to bolster their defences in response to escalating cyberthreats.
Humans are any security strategy’s biggest weakness, and this is clear from how training and awareness topped the list, with 63% of organisations increasing their efforts there.
Bolstering firewalls was a close second, with improvement efforts underway in 53% of organisations.
Adding an extra layer of security via multi-factor authentication (52%) and enhancing encryption to safeguard sensitive data (49%) rounded out the top four.
These modifications signal a shift towards proactive cybersecurity measures. However, the substantial gap between awareness and action persists.
When people receive reports of security breaches, they gain awareness. While this is the first step, potentially shifting their attitudes and increasing their sense of responsibility, it does not automatically translate to changes in behaviour or action.
Knowing something needs to be done is one thing; knowing what to do is another question entirely. This is the gap that must be bridged.
Investing in cybersecurity education benefits organisations, governments, businesses and industry leaders.
More than just cementing an organisation’s reputation as a responsible custodian of data, dedicated investment in opportunities for education, upskilling and re-skilling in cybersecurity future-proofs the workforce and ensures that the organisation firmly retains its competitive edge in a turbulent environment.
As such, initiatives like the 2023-2030 Australian Cyber Security Strategy and subsequent Australian Cyber Security Action Plan are vital. This strategic framework outlines a comprehensive plan to bolster the nation’s cybersecurity resilience, emphasising collaboration between the government, industries and the broader community to safeguard against cyberthreats.
By aligning with such a strategy, organisations can gain valuable insights and guidance to enhance their cybersecurity postures.
It is imperative for organisations to heed this strategy and prioritise action against threats to cybersecurity.
But this cannot be done without bridging the divide between awareness and action to fortify defences against the changing landscape.