A recent series of damaging, high-profile data leaks in Australia has changed the way Australian organizations approach enterprise security and procure cybersecurity services, according to a new research report published by Information Services Group (ISG) a leading global technology research and advisory firm.
CIO INFLUENCE: CIO Influence Interview with Russ Ernst, Chief Technology Officer at Blancco
“Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.”
The 2023 ISG Provider Lens Cybersecurity — Solutions and Services report for Australia finds that the attacks revealed escalating threats and changed cybersecurity from solely an IT issue to a closely monitored enterprise challenge.
“Australian companies recognize the business dangers of data leaks,” said Joyce Harkness, director, ISG Cybersecurity, for ANZ and Asia Pacific. “Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.”
The Australian government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organizations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives. More recently, the national government unveiled the 2023-2030 Australian Cyber Security Strategy, aimed at making Australia one of the most cyber secure nations in the world by 2030; appointed the nation’s first cyber security coordinator, and began operationalizing the Security of Critical Infrastructure Act 2018.
Recent attacks revealed that even large Australian enterprises have cyber capability gaps, the report says. Most had invested heavily in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the attack surface has expanded with the rise of remote work, digital engagement, an expanding supply chain and IoT. Mistakes inside organizations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.
As a result, Australian enterprises have begun to assess their risk tolerance, evaluate current controls and take an “assume breach” approach, recognizing that not all breaches can be prevented and focusing on rapid detection and response, ISG says.
As they migrate to the cloud over the next few years, many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report says.
Companies with multiple cybersecurity tools, which often generate false positives that require manual intervention, will also need greater automation and interoperability to relieve the pressure on security operations centers (SOCs). The role of AI is expected to grow exponentially, often to secure IoT assets.
Read More: CIO Influence Interview with Chris Lubasch, Chief Data Officer & RVP DACH at Snowplow
“We expect strong growth in the Australian security market over the next five years,” said Jan Erik Aase, partner and global leader, ISG Provider Lens Research. “Enterprises and providers will be investing heavily in both new technologies and essential skills.”
The report also explores other cybersecurity trends in Australia, including the increasing adoption of zero-trust frameworks and next-generation identity and access management (IAM) to maintain high-level security while enabling improved customer experience.
The 2023 ISG Provider Lens™ Cybersecurity — Solutions and Services report for Australia evaluates the capabilities of 82 providers across six quadrants: Identity and Access Management (IAM), Extended Detection and Response (XDR), Security Service Edge (SSE), Technical Security Services, Strategic Security Services, and Managed Security Services – SOC.
The report names IBM as a Leader in four quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, NTT DATA, Telstra, Tesserent, Verizon Business and Wipro as Leaders in three quadrants each. Microsoft is named as a Leader in two quadrants. Bitdefender, Broadcom, Cato Networks, CGI, Cisco, CrowdStrike, CyberArk, EY, Forcepoint, HCLTech, Infosys, Kasada, KPMG, Netskope, Okta, Palo Alto Networks, Ping Identity, PwC, SailPoint, Tech Mahindra, Unisys, Versa Networks, VMware and Zscaler are named as Leaders in one quadrant each.
In addition, Kyndryl is named as a Rising Star — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. BeyondTrust, HPE (Aruba), Macquarie Telecom Group and SentinelOne are named as Rising Stars in one quadrant each.
CIO INFLUENCE: CIO Influence Interview with Bill Lobig, VP of Product Management at IBM Automation
[To share your insights with us, please write to sghosh@martechseries.com]