Despite repeated warnings from law enforcement and intelligence agencies, Australian organisations continue to pay ransomware attackers as they are still unprepared to address the hazards hybrid IT environments pose.
New research from Rubrik Zero Labs found that 91% of local security leaders paid a ransom in the past year.
Results are based on insights from 1,625 IT and security leaders across 10 countries (half of whom were CIOs or CISOs), conducted in partnership with Wakefield. The findings are amplified by Rubrik telemetry data, which covers 2024.
Respondents were based in Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, the United Kingdom and the United States.
Findings show that 92% of local organisations experienced a cyberattack last year.In a typical ransomware attack, the victim would be able to restart their operations by recovering data from their backup systems. However, Rubrik’s research found these systems were routinely being compromised during an attack to disrupt recovery attempts.
Of the Australian IT and security leaders that experienced a ransomware attack, 78% said the threat actors were able to at least partially harm backup and recovery options – more than a third (35%) said the attackers were completely successful in doing so.
“Paying an attacker, supports the cybercrime business model, encourages further attacks and continues the cycle,” said David Rajkovic, Rubrik VP in Australia-New Zealand.
“Unfortunately, we’re seeing Australian organisations lulled into a false sense of security from the attack prevention focused security measures they’ve implemented and being completely unprepared once those defences have been thwarted,” said Rajkovic.
While sophisticated attack strategies were part of the problem, an expanding attack surface due to the proliferation of SaaS platforms was making the challenge more acute for local security leaders.
Almost all (98%) of Australian respondents said they were using between two and five cloud and SaaS platforms for data storage, applications, and services. More than two-thirds (66%) said they were planning to increase their use of cloud and SaaS-based services over the next year.
As the use of these platforms increased, local security leaders reported that protecting their data was becoming more difficult.
In particular, Australian organisations highlighted securing sensitive data across multiple environments (38%), data compliance and privacy concerns (34%), and lack of centralised management (34%) as the key challenges they were encountering.
“Attackers are no longer breaking in, they’re logging in. They are increasingly stealing credentials to compromise their victims’ cloud and SaaS platforms,” Rajkovic said.
“This demands a shift in defence strategies and the adoption of an ‘assumed breach mindset,’ he added. “Prevention strategies are critical, but they need to be complemented with a robust recovery strategy for when those measures fail – one that ensures cyber resilience and gets the business back up and running as quickly as possible.”
