Australian security leaders are increasingly concerned about the state of security since the pandemic began in March. More than half (55 per cent) believe their organisation is likely to experience a data breach due to COVID-19. The figures are contained in new research from HackerOne and its fourth annual Hacker-Powered Security Report.
The findings come from a survey of 200 Australian security leaders, which found – beyond salient concerns around the impact of attacks – that 35 per cent of businesses had their in-house security teams reduced and a quarter (26%) had their budgets decreased amidst the pandemic.
This comes as many businesses have been ramping up digital transformation efforts to better handle the pandemic, including moves to invest in remote work or delivering services online through the adoption of tools like videoconferencing, digital workspaces, cloud-based collaboration platforms, and sometimes new proprietary technology. Over a third (36%) have accelerated digital initiatives as a direct result of COVID-19 and 30% have increased cloud migrations to manage workloads remotely.
Among the other findings:
- One in five (22 per cent) security leaders say they have had to go through a digital transformation ahead of their planned roadmap as a result of COVID-19
- 28 per cent report they have had to switch priorities during the pandemic: from application security to securing the use of working from home and collaboration tools
- More than half (53 per cent) of security leaders feel under scrutiny to prove the business takes information security seriously
- Six out of 10 (58 per cent) say their organisation is more concerned about meeting compliance requirements than improving information security
- 56 per cent of security leaders believe that the COVID-19 pandemic will cause their organisation to improve their information security posture.
This rapid shift and digitisation of materials have led to a broadened attack surface, with greater amounts of data placed online – including sensitive customer or citizen data.
Many Australian businesses have already seen an increase in attacks on their IT systems according to the report; one-third of respondents report this happened due to COVID-19. Globally, hackers reported 28% more software vulnerabilities per month during the pandemic than before it.
“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.”
The research also revealed that IT and security teams share concerns around the impact of a data breach. Over half (53%) are more worried about the financial repercussions – rather than reputational damage – that a data breach could cause, especially since the average data breach costs an Australian business AUD$2.91 million, a far cry from the AUD$1339 (US$979) average price tag of a vulnerability on HackerOne. With many businesses already under significant financial pressure, the cost of a data breach could have a major impact.
The report finds that while APAC has shown strong growth in adopting hacker-powered security – nearly doubling at 93 per cent – there is opportunity for more businesses to improve their security through bug bounties or other hacker-powered programs.
“It’s no surprise that we’re seeing great interest in Australia in adopting hacker-powered security. Even traditional businesses see the benefits of using ethical hackers, especially at a time when the attack surface has greatly expanded as a result of COVID-19. As we adjust to the new normal, security teams have realized that it’s more important to improve security and protect valuable data than ever before,” said Laurie Mercer, Security Engineer at HackerOne.