03 Mar Cybersecurity Australia Q3 2015
A SPECIAL REPORT FROM THE EDITORS AT CYBERSECURITY VENTURES
Cybersecurity Australia provides market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, and resources for chief information security officers (CISOs) and IT security staff.
Australia’s cyber security economy rapidly expanding
- Analyst firm Frost & Sullivan forecasted the cybersecurity market in Australia and New Zealand to reach revenues of more than $1.6 billion (USD) by 2019. This is up from a little over $590 million in 2012.
- According to the “Cyber Security Review”, published in late 2014 by the Prime Minister, Australia faces real and growing cyber threats. In the year prior, the Australian Signals Directorate responded to 940 cyber incidents involving Government agencies, a 37 percent increase over the year before that.
- The risks are also very real for the private sector, states the “Cyber Security Review”. The direct cost of cybercrime to Australia in the twelve-month period from November 2013 to November 2014 was estimated at more than $1 billion.
- Cisco’s response to the Australian Government Cyber Security Review states “As an early adopter of cloud, the Internet of Things (IoT), and other new technologies, Australia is well placed to become a hub of innovation and digital development that will drive Australia’s future economic prosperity. For this opportunity to be realized however, cybersecurity must be recognized in all aspects of national strategy.”
- “Cyber insecurity is taxing Australia’s growth potential” states the Cisco response. “Globally, national losses from cyber security incidents are estimated to be as high as 1 percent of GDP, which for Australia, could be as much as $17 billion dollars per year. There is already a global shortage of approximately one million cybersecurity professionals, and this number continues to grow. This problem extends to Australia, as most organizations do not have the people or the systems to continuously monitor extended networks and detect infiltrations.”
- The Australian Cyber Security Centre (ACSC) recently released its first ever unclassified cyber security threat report. According to the report, the cyber threat to Australian organizations is undeniable, unrelenting and continues to grow. The incidence of cybercrime attacks has increased 20 percent in the last year, to 1131 attacks. This is up from 313 attacks per year in 2011.
- Australia’s systems of national interest and critical infrastructure are vulnerable to malicious cyber activity, according to the ACSC report. In 2014, CERT Australia responded to 11,073 cyber security incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government. In 2014, the top five non-government sectors assisted by CERT Australia in relation to cyber security incidents were: energy, banking and financial services, communications, defence industry, and transport.
- The “Telstra Cybersecurity Report 2014” states that major security incidents hit 4 out of 10 Australian organizations surveyed, and 41 percent of respondents have had a major security incident in the last 3 years, with the hardest-hit organizations operating in the IT & Technology, Government & Public Sector and the Oil & Gas industries. An alarming statistic is that of those organizations which experienced some kind of breach in the last 3 years, 15 percent didn’t know how it happened. The majority of organizations perceived themselves as “Not Ready” to respond to and mitigate a security breach, regardless of whether or not they had a security incident.
- Today’s DDoS attackers can assemble botnet armies capable of overwhelming (Australian) targets with over 100 gigabits of traffic, according to the “Telstra Cybersecurity Report 2014”. To combat DDoS attacks, Telstra, Australia’s leading telecommunications and information services company, recommends that Australian companies engage with DDoS prevention specialists, as such providers’ expertise goes well beyond that of security generalists.
- TechnologySpectator, published by BusinessSpectator – Australia’s number one digital-only premium business product read by around 500,000 Australian professionals, business owners, executives and investors every month – explained in an article contributed last summer by Kevin Taylor, President of BT Global Services for Asia, why Australia was the No. 1 DDoS target. Their DDoS research report found that 64 percent of Australian organizations were hit by DDoS attacks over the prior year, which was the highest out of all 11 geographical areas measured in the report.
- “Only 24 percent of Australian organizations are convinced that they have sufficient resources in place to counteract a DDoS attack” according to the TechnologySpectator article. “Getting the right protection is crucial. Firewalls and IDP/IPS devices are not enough to combat against these particular attacks as they themselves are often targeted by DDoS attackers. Organizations need a higher level security solution to protect not only the network infrastructure but the devices that initially provide protection. A system with a single platform for detection and mitigation is essential.”
- “As the DDoS threatscape expands, we expect to see the emergence of specialty firms who are organized entirely around DDoS protection – including DDoS risk assessment, DDoS attack testing, and DDoS prevention planning” says Steve Morgan, Editor-In-Chief of the quarterly Cybersecurity Market Report published by Cybersecurity Ventures in Menlo Park, Calif. “You need to be an inch-wide and a mile-deep around DDoS to effectively combat today’s denial of service perpetrators. If you’re not working with hard-core DDoS defenders and experts, then you are bringing a knife to a gun fight. Some of the DDoS threats are that serious, and they can take a company down. We further expect to see partnerships arise between the large telecom, IT infrastructure, and managed security providers who will engage the niche DDoS firms for value-added DDoS protection services.”
- Despite cybersecurity urgency, Australian security specialists are still not earning salary premiums, according to a recent article that appeared in CSO Australia. A new Australian Computer Society analysis which drew on the Australian Bureau of Statistics figures states that Australian ICT security specialists are earning less than ICT sales professionals, network specialists, telecommunications engineers, and other skilled ICT professionals.
- In late 2014, the Australian Government announced that they would be reviewing Australia’s cybersecurity strategy to better protect Australia’s networks from cyber attack. The Department of the Prime Minister and Cabinet leads the Cyber Security Review assisted by a panel of experts including Jennifer Westacott, CEO of the Business Council of Australia, John Stewart, Chief Security and Trust Officer at Cisco Systems in the U.S., Mike Burgess, Chief Information Security Officer at Telstra, and Dr. Tobias Feakin, Director of the International Cyber Policy Centre at the Australian Strategic Policy Institute.
- The Prime Minister chaired Australia’s first Cyber Security Summit with Chief Executive Officers and Chairmen in July of 2015 in Sydney. Over the past six months, the Cyber Security Review team has met with more than 180 organizations. This period of consultation and the summit will help shape the Australian Government’s new Cyber Security Strategy.
- In April 2015, KPMG Australia acquired First Point Global, a leading adviser on Cyber Security and implementer of Identity and Access Management (IAM) solutions to clients across the Asia Pacific region. The combined group is now KPMG First Point Global. With investors and regulators increasingly challenging boards for greater transparency around major breaches and the impact on business, KPMG First Point Global will offer an integrated cyber service spanning consulting, systems implementation and ongoing support.
- CRN Australia reported in early 2015 that two Australian firms – Nuix and Quintessence Labs – scored spots on the inaugural Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Cybersecurity Ventures is currently reviewing Australian cybersecurity firms for potential inclusion on its Q4 2015 edition, due out in October.
- The Gartner Security & Risk Management Summit is being held August 24-25, 2015 in Sydney, Australia. The event attracts Australian government and corporate CISOs, Risk Officers, Privacy and Compliance Officers, and IT security professionals.
- CySCA 2015, organised and conducted by the Australian Government, Telstra and Australian universities, is Australia’s fourth national cyber security competition. The virtual event on September 30th, 2015 is designed to excite, inspire, attract and help Australia’s talented people to become the next generation of cybersecurity professionals.
- Australian businesses that are hacked should immediately contact CERT Australia (the CERT), the national computer emergency response team. It is the single point of contact in Government for cyber security issues affecting major Australian businesses. The CERT is part of the Australian Attorney-General’s Department. It also works in the Cyber Security Operations Centre, sharing information with the Australian Federal Police (AFP), the Australian Security Intelligence Organisation (ASIO), and the Australian Signals Directorate (ASD).
Steven C. Morgan, Editor-In-Chief
Steven C. Morgan is Founder and CEO at Cybersecurity Ventures, and Editor-In-Chief of the Cybersecurity Market Report and the Cybersecurity 500 list of the world’s hottest and most innovative cybersecurity companies. Steve writes the weekly Cybersecurity Business Report for IDG’s CSO, and he is a contributing writer for several business, technology, and cybersecurity media properties.
© 2015 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this Report by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.