Research by HackerOne, the world’s most trusted hacker-powered security platform, has revealed Australian security leaders are increasingly concerned about the state of security since the pandemic began in March. More than half (55%) believe their organisation is likely to experience a data breach due to COVID-19.
The findings, part of HackerOne’s fourth annual Hacker-Powered Security Report, are the results of a survey of 200 Australian security leaders and found – beyond salient concerns around the impact of attacks – that 35% of businesses had their in-house security teams reduced and a quarter (26%) had their budgets decreased amidst the pandemic.
This comes as many businesses have been ramping up digital transformation efforts to better handle the pandemic, including moves to invest in remote work or delivering services online through the adoption of tools like videoconferencing, digital workspaces, cloud-based collaboration platforms, and sometimes new proprietary technology. Over a third (36%) have accelerated digital initiatives as a direct result of COVID-19 and 30% have increased cloud migrations to manage workloads remotely. This rapid shift and digitisation of materials have led to a broadened attack surface, with greater amounts of data placed online – including sensitive customer or citizen data.
Many Australian businesses have already seen an increase in attacks on their IT systems; one-third of respondents report this happened due to COVID-19. Globally, hackers reported 28% more software vulnerabilities per month during the pandemic than before it.
“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.”
The research also revealed that IT and security teams share concerns around the impact of a data breach. Over half (53%) are more worried about the financial repercussions – rather than reputational damage – that a data breach could cause, especially since the average data breach costs an Australian businessAUD$2.91 million, a far cry from the AUD$1339 (US$979) average price tag of a vulnerability on HackerOne. With many businesses already under significant financial pressure, the cost of a data breach could have a major impact.
The report finds that while APAC has shown strong growth in adopting hacker-powered security – nearly doubling at 93% – there is opportunity for more businesses to improve their security through bug bounties or other hacker-powered programs.
“It’s no surprise that we’re seeing great interest in Australia in adopting hacker-powered security. Even traditional businesses see the benefits of using ethical hackers, especially at a time when the attack surface has greatly expanded as a result of COVID-19. As we adjust to the new normal, security teams have realized that it’s more important to improve security and protect valuable data than ever before,” said Laurie Mercer, Security Engineer at HackerOne.
*The full report is available at this link.*