Telstra Issues Security Report for 2019

Recently, Australian telecommunications company Telstra released its Security Report 2019. This whitepaper drew on interviews with 1,298 security professionals – 61 percent in Asia-Pacific (APAC) and 39 percent in Europe – in businesses of all sizes across 13 countries.

Highlights of the Report included the following:

  • Priorities: In the past 12 months, there has been “a material shift in the priorities of both defenders and attackers. Some aspects of security, like malware, are better-known. However, other emerging security technologies, though not as well understood, are high on the list of considerations to improve cyber defences. For example, 93 per cent of the global respondents are considering, trialling or have implemented next gen endpoint detection and response.”
  • Data Breaches: “Breaches, defined as incidents that result in the confirmed disclosure of sensitive data to an unauthorised party, are on the rise. Our survey shows nearly two thirds of respondents have fallen victim to a security breach, showing these events are happening more frequently and continue to be more varied.”
  • Phishing: In particular, of the 63 per cent of global respondents and 65 per cent of Australian respondents who reported that their business was interrupted due to a security breach in the past year, “35 per cent of Australian organisations reported phishing incidents on a weekly or monthly basis.”  The Report also noted that “[p]hishing is one of the most common ransomware infection vectors . . . .”
  • Ransomware Attacks: Some of the most interesting findings concerned companies’ experiences with ransomware attacks:
    • Frequency: Across multiple regions, a significant percentage of companies that reported being interrupted due to a security breach in the past 12 months reported interruptions “on a weekly or monthly basis” from ransomware attacks:
      • Australia – 32 percent. In addition, 81 per cent of Australian respondents indicated they had experienced a ransomware attack at least once during 2018 – an increase of five percent over 2017.
      • APAC – 26 percent
      • Europe – 24 percent
      • Germany – 27 percent
      • France – 26 percent
      • United Kingdom – 19 percent
    • Ransom Payment: The Report stated that 51 percent of Australian respondents who were victims of ransomware reported paying the ransom – an increase of four percent year on year. “This rate is higher than in the APAC and European regions, where 48 per cent and 50 per cent respectively indicate having paid a ransom. Singapore and New Zealand both reported a higher incidence of ransomware attacks, and also report the highest rate of paying the ransom after an attack (61 per cent respectively).”
    • Success with Data Retrieval: The Report stated that 77 percent of Australian businesses that paid a ransom “were able to retrieve their data after making the payment” – a decrease of nine percent year on year. In contrast, the APAC and European regions reported much higher rates of retrieval (83 and 88 percent, respectively), and Germany and France had higher retrieval rates (96 percent for both).
    • Willingness to Pay Again: A surprisingly high percentage of respondents indicated that they would pay the ransom again next time if no backup files were available:
      • Australia – 79 percent
      • APAC – 75 percent
      • Europe – 73 percent
      • Germany – 78 per cent
      • France – 68 percent

The Report also commented that “[w]hile ransomware is still pervasive and profitable for cyber criminals, most potential victims have adopted policies and safeguards against such attacks.”

  • Cryptocurrency Attacks: “Many adversaries are now turning to cryptocurrency related products, which can often be bolted onto traditional malware and easily activated. The rise in popularity of these currencies makes this market attractive for crypto mining and cryptojacking.” The Report also stated that “[i]n some quarters in 2018, crypto mining was seen on a grand scale, making an appearance on all platforms, devices, operating systems, and in all browsers.”
  • Advanced Persistent Threats (APTs): The Report stated that “APTs have been a pervasive part of the cyber threat landscape year on year,” citing a recent report from FireEye that “shows an increased use of this attack type by nation-state groups, such as Iran.”
  • Formjacking: Formjacking, “the injection of malicious JavaScript code that is written to steal credit card data and other information,” typically “occurs on untrustworthy e-commerce websites.”
  • Defender Responses: “This year, an interesting trend is emerging where defenders are striking back. Awareness and understanding of the strategic importance of security is improving. In all regions we surveyed this year, businesses reported investing more resources in security awareness and training, more so than what we saw in our 2018 Security Report. This includes delivering formal education focusing on information management and incident response.”
  • Corporate Attention to Cybersecurity: In 2018, “all respondents surveyed identified that within their role they are responsible for both cyber and electronic security within their organisation. There are also early signs of increased C-level participation. . . . Additionally, about one third of businesses told us that because of new regulations, the frequency of C-level and senior management meetings on security in Australia, APAC, and Europe is increasing.”

Note: The key message from the Report, in the words of Telstra Group Executive Michael Ebeid, is that “security has moved far beyond the maintenance of firewalls and is now a whole-of-business concern for C-level executives and boards.” Although the Report’s survey population included only respondents from Australia, APAC, and Europe, cybersecurity and anti-fraud compliance teams at companies of all sizes and in all industries that do business internationally should take note of these principal findings, and include them in their briefings to C-level officials and board members.
