Australian enterprises lag in patching security flaws

Australian enterprises are lagging far behind their international peers in terms of patching vulnerable applications, and are paying the price, new research from Cisco suggests.

A global survey of 2800 security professionals in 13 countries found that 59% of Australian respondents to a global survey reported having an incident caused by an unpatched vulnerability — 13% higher than the global average — the company’s latest CISO Benchmark Report states.

In addition, 42% of Australian respondents report finding managing an increasingly complex multivendor security environment very challenging.

As a result of these issues, 58% of Australian respondents reported feeling cyber fatigue, compared to 37% in the US and 37% in the EMEA region.

But the report did find some bright spots. The report found that post-breach voluntary disclosures are at their highest level since Cisco started the survey five years ago, suggesting that the government’s notifiable data breach regime is bearing fruit.

More than three-quarters (77%) of Australian respondents said their most recent security breach became known to the public because of voluntary disclosure, well above the global average of 61%.

Meanwhile, the survey found that security is a high priority for 91% of Australian executive leadership teams, with 74% of Australian respondents reporting plans to increase automation to ramp up their security ecosystems.

Other areas of focus include clarification of roles within the company, as well as establishing clear metrics for cyber risk and resilience.

But Cisco Australia and New Zealand’s Director of Cyber Security, Steve Moros, said the survey’s other findings raise the question of whether this increased scrutiny is paying off.

“The fact that 91% of Australian executive leadership teams see security as a high priority is a great news, but there remain important challenges locally that need to be addressed such as vulnerability patching, mobile devices and public/private cloud platforms management, multivendor environments as well as cyber fatigue,” he said.

“As organisations are faced with accelerating digital transformation due to unprecedented external factors, the need for agile security, simplification and automation is now a necessity. Cloud security, automation, vendor consolidation and collaboration are key to solving the complexity of cybersecurity and mobile workforce protection, and ultimately to securing Australia.”

Image credit: ©stock.adobe.com/au/zoommachine