Organisations urged to move from a response to readiness mindset
Organisations in Australia and New Zealand are being urged to have a "readiness mindset" amid cyberattacks, as a new report shows they overestimate their cyber preparedness.
Findings from Commvault's latest report revealed a major disconnect between business leaders and IT leaders when it comes to post-cyber incident recovery.
Four in five business leaders believe they can recover within five days of a cybersecurity event, but IT leaders say it will take an average of four weeks to restore minimum business operations.
In fact, the report found that 20% of ANZ businesses took an average of 45 days to fully recover from a cyber incident, almost double the global average of 24 days.
Companies that have not yet suffered a cyber incident were also more likely to rate themselves as excellent in their ability to maintain business operations with no disruption than those who were already attacked.
"We're not suggesting organisations are cybersecurity complacent – far from it," the report read.
"However, for those yet to be attacked, the data shows they have higher levels of optimism about their perceived strength of their cybersecurity capability and operational resiliency."
Gareth Russell, Field CTO, Asia Pacific, Commvault, underscored that true resilience is built before a point of cyberattack.
"We need to shift from a response mindset to a readiness mindset where one must ask the hard questions: 'If we were hit tomorrow, how quickly and how cleanly, could we recover?'" he said.
"If that answer isn't clear, then investment and focus are urgently needed."
Rising cyber incidents
The warning comes in the wake of rising cyberattacks in the region, with 70% of organisations saying they experienced a cyber-attack in the last 12 months, with almost all of them subjected to a ransomware demand.
More than half of businesses said they have a "no payment" ransomware policy, but 15% ended up paying anyway, according to the report.
Qantas is one of the most recent cases of cyberattacks, confirming last week that a cybercriminal targeted a call centre and gained access to a third-party customer servicing platform.
The incident, now contained, impacted customer data, according to Qantas, including names, email addresses, and Qantas Frequent Flyer details.
"Since the incident, we have put in place a number of additional cyber security measures to further protect our customers' data, and are continuing to review what happened," said Qantas Group CEO Vanessa Hudson in a statement.
Martin Creighan, Commvault's Vice President, Asia Pacific, said the rising frequency of cyberattacks across the region should be a wake-up call.
"With recovery times stretching into weeks, the risk to business continuity has never been higher. Resilience must be driven from the boardroom – not just the IT team," Creighan said in a statement.
