Australian Organisations Lack High Priority Data Security Practices

31 percent of Workers Indicate that Corporate Confidential Information is at Risk

SYDNEY—3 September 2015—LogRhythm, the world’s fastest growing security intelligence company, today announced the results of its Australian Workplace Security Study which highlights the need for better enforcement of corporate data security measures. Nearly a third (31 percent) of respondents to the survey – 1003 employees and managers of large organisations across Australia - reported that there has been at least one recent ‘security event’ at their workplace.

When asked about vulnerabilities, a third (33 percent) of employees and 43 percent of managers said that confidential company information is susceptible to being stolen or accessed by unauthorised people. 72 percent of workers believe the greatest threat to data security is employee related due to them downloading infected files or malware, or simply not thinking about security. And 16 percent admitted to accessing documents that they shouldn’t really be looking at while at work.

The extent of data security exposure that Australian organisations are facing can be seen when relatively small overall percentages are extrapolated into real numbers: the 12 percent of respondents who admitted to having accessed or taken confidential documents from their workplace without proper authority potentially equates to 719,000 employees across Australia. Of great concern too is that from that group of respondents, 7 percent did so after they had stopped working for the company – the main reason being to help them in their new job. This is a very real example of lost confidentiality and IP.

Encouragingly, 95 percent of managers say that their company ‘is serious about the security of information’ and that the majority of its employees take information security seriously (40 percent say that ‘everyone’ takes it seriously and a further 46 percent say that ‘the majority take it seriously’). But LogRhythm is concerned by the 5 percent that say their company is ‘not very serious about the security of information’ as this figure extrapolates to 59,000 managers nationally.

With the growing practice of working from home, organisations are facing additional risks: 45 percent of workers and 68 percent of managers have checked work email while at home. And more than one in five (22 percent of workers) transfer confidential information, even if it is to be used for legitimate work purposes at home, to a personal computer, laptop or USB stick. Without strict policies and training, this activity opens the organisation to the risks of loss or malware attack.

It is essential that today’s advanced data security technologies are supported by security conscious workplaces.

Simon Howe, LogRhythm’s ANZ Sales Director, said: “Raising awareness of cybercrime and the dangers to corporations, their employees and customers is crucial to building a culture that always has data security front of mind. We at LogRhythm view cybersecurity education as one of our primary drivers. This then flows into equipping individuals with the right tools to help them tackle the threat of costly and disruptive cybercrime.”

LogRhythm’s survey of employee practices identifies potential areas of security weakness at a time when the impact of cybercrime has been quantified by the Australian Crime Commission which says breaches are costing this country at least $1 billion each year. And the Australian Communications and Media Authority’s Australian Internet Security Initiative found that, on average each day, up to 15,000 systems are compromised. Recent high profile attacks include Telstra’s Asian-based data centre and undersea cable operator Pacnet which was hacked earlier this year exposing its corporate customers, including the Australian Federal Police, to a potentially massive security breach. And in March this year Linux Australia took a proactive approach to an attack on its servers and provided a details on what information was taken and how it responded.

“As enterprises go global and workers access confidential data and documents across different mediums, the attack surface for cyber criminals is becoming larger,” Howe said. “In this age where cyber attacks are growing more sophisticated and profitable by the day, there is no question that your organisation will be breached. It’s time to find out how to find the hackers when they get in and how to kick them out before they get to do real damage.”

LogRhythm Top Tips for a Security Conscious Workplace:

  1. Understand how employees are accessing their work files and build a security solution that will enable them to do their work and not compromise your system.
  2. More than 60 percent of cyber attacks originate from breach of credentials. Remember to tell your employees to store them in a secure location!
  3. Employees are great assets to a company but internal breaches are one of the hardest threats to mitigate. Organisations need a solution that will enable them to reduce the mean time to detect such threats and respond before material damage is done.

About the Study

The Workplace Security study of 1003 employees from mid-large Australian corporations (20+ employees) was conducted by Galaxy Research as on an online permission-based panel during June 2015.

A representative sample of Australians aged 18-64 years was drawn in proportion to age, gender and location across Australia and eligibility was determined by work status (full-time or part-time) and number of employees at their place of work (20+ employees).

The survey was also conducted in Hong Kong and Singapore.

About LogRhythm

LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled security operations center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.