Australia’s cyber security landscape is looking grim

Cyber security has become one of the most important considerations for companies in the current, digitised world. Australia seems to be lacking behind the rest of the world in implementation, however, and the consequences could be damaging.

Global security training is imperative in the modern workforce. According to KnowBe4’s 2024 Security Culture Report, “the world may be your oyster, but how does it fare when looking at cyber security culture? Approximately 5.35 billion people have internet access, which means 66.2 per cent of the global population are potential targets for criminals.”

The report touched on the global state of cyber security. Outlined was the Security Culture Index, which is based on the following scores:

• Excellent: 90 to 100
• Good: 80 to 89
• Moderate: 70 to 79
• Mediocre: 60 to 69
• Poor: 0 to 59

As far as global security awareness goes, Oceania fares poorly compared to the rest of the world. The Security Culture Index of each continent was examined, with the results being:

• Asia (73)
• Europe (73)
• North America (73)
• Africa (72)
• South America (71)
• Oceania (71)

There is clearly more Australia can do to boost its security awareness, as we got an individual score of 71. While it’s not as bad as Indonesia’s 65, it’s a far cry from Bulgaria’s 82.

“There are many issues around the globe impacting organisations when it comes to security culture. Cyber crime remains a priority for many organisations. The focus is largely on issues such as ransomware while ignoring the fact that social engineering remains the most prevalent method of deploying ransomware,” said KnowBe4.

“In 2023, these events left a lasting impact. The shifts to remote or hybrid working models required rapid deployment of technology and incurred cyber debt in the process, which negatively impacted many organisations.”

The report continued: “As the COVID-induced panic buying of toilet rolls was starting to wane, global events introduced a new set of complex risks. In 2022, Russia invaded Ukraine, while the following year brought escalating conflict in the Middle East. These are significant because we’ve seen how cyber security has played a prominent role not only among those directly involved in such conflicts but also among supporters from afar.”

Artificial intelligence (AI) is also playing a decisive role in cyber crime. The report revealed that AI “will probably have some of the most profound cyber security impacts on organisations and individuals”. This tech is already being used to promote misinformation and even enhance and automate cyber attacks.

AI has the potential to be a catalyst for cyber crime in the coming years, with criminals already beginning to add the tech to their arsenal.

Awareness and regulation are the paths to mitigating issues. While governments could certainly assist in this, employers also play a responsibility in keeping employees well versed on security measures. The consequences of not doing so could be fatal for organisations.

The report stated: “For their part, organisations need to look at the human challenge and not treat this as a technological issue. Unlike patching computers, ‘patching’ humans requires a sustained effort of awareness and training. To quote Nelson Mandela, ‘Education is the most powerful weapon which you can use to change the world.’”

Businesses can perform their own security checks to determine how encompassing their processes are. According to KnowBe4, there are five “maturity” levels to organisational security:

Level one: Basic compliance

• Bare minimum of training
• Limited metrics
• “Check the box”

Level two: Security awareness foundation

• At least annual and onboarding training
• Occasional phishing simulations
• Focus on a variety of content

Level three: Programmatic security awareness and behaviour

• Intentional awareness program with integrated tools
• Quarterly training with simulated phishing
• Focus on security-aware behaviours

Level four: Security behaviour and management

• Continuous training across varied delivery methods and audiences
• Heavy use of integrated tools to inform training strategy
• Program focused on real behaviour change

Level five: Sustainable security culture

• Program that intentionally measures, shapes and reinforces security culture
• Multiple methods of behaviour-based encouragement
• Security values woven through the fabric of the entire organisation