How People, Process and Technology Challenges are Standing in the Way of Preventive Security in Australia

Uncover the obstacles hindering preventive cybersecurity and ways to build cyber resilience for your Australian organisation in a commissioned study conducted in 2023 by Forrester Consulting on behalf of Tenable.

With cybersecurity programs facing unprecedented levels of regulatory scrutiny as the government plans to hold boards ultimately accountable for cyberattacks, Australian businesses are grappling with the urgent and daunting task of adopting preventive cybersecurity practices. Australian organisations are challenged to obtain an accurate picture of their attack surface, but people, process, and technology issues continue to create friction, hindering organisations from effectively mitigating cyber risks. 

A new white paper, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia”, reveals that, in the last two years, the average organisation was prepared to preventively defend 58% of the cyberattacks they encountered. However, having only this much coverage leaves them vulnerable to 42% of these attacks, which they were forced to reactively mitigate rather than stop altogether. 

Three-quarters (75%) of security and IT leaders believe their organisation would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity. The white paper is based on a commissioned survey of 825 cybersecurity and IT leaders, including 100 Australian respondents, conducted in 2023 by Forrester Consulting on behalf of Tenable.

Challenges at a glance

People Challenges: Cybersecurity and IT teams are often siloed and their performance is evaluated using separate and contradictory criteria and goals. Internal attitudes make coordination between IT and security teams difficult and time-consuming. 

The study reveals a striking statistic: Over half (56%) of respondents concur that their cybersecurity teams are mired in a perpetual battle against critical incidents, leaving them little time to adopt a proactive approach to reducing their organisation's cyber risk. 

Process Challenges: Managing a plethora of third-party technologies without proper processes can make Australian organisations vulnerable. In the era of cloud-based services and applications, nearly two-thirds of respondents (65%) rely on third-party programs for managing SaaS apps and services. However, little under half (46%) have high and very high visibility into third-party environments. This lack of visibility can be a ticking time bomb, as it creates potential blind spots that cyber attackers could exploit.

Technology Challenges: Professionals using siloed tools are unable to determine the relationships among users, systems and software, and different measurement metrics among all the different tools make it difficult to accurately assess risk. While most respondents (74%) say they consider user identity and access privileges when they prioritise vulnerabilities for remediation, more than half (53%) say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices.

Tackling these challenges with exposure management

Amidst these challenges, there is a silver lining. Australian organisations, irrespective of their current cybersecurity maturity level, have the power to take proactive steps toward reducing cyber risk. The key to overcoming these hurdles lies in implementing a robust exposure management program.

An exposure management program empowers organisations to assess their vulnerabilities, prioritise remediation efforts and streamline their cybersecurity operations. By shifting the focus from reactive measures to proactive strategies, businesses can stay ahead of cyber threats and fortify their defences.

By addressing these challenges head-on and embracing a proactive approach to cybersecurity, Australian businesses can safeguard their digital assets, customer trust and their overall reputation. The study serves as a wake-up call, highlighting the urgency of taking action. It's time for Australian organisations to shed old habits, empower their teams and embrace a future where preventive cybersecurity reigns supreme.

To learn more about these challenges, gain insights into how the most mature organisations are addressing them and see recommendations for how to overcome these challenges, download the white paper, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia”.