There has been a “significant surge” in the number of ransomware attacks in Australia, according to the inaugural Australian Cyber Security Centre (ACSC) survey of major Australian businesses.
Seventy-two per cent of respondents experienced ransomware-linked incidents in 2015, the survey found.
The survey involved 149 major Australian businesses that partner with the ACSC, drawn from a range of sectors including defence, energy, banking, communications, water services, mining, transport, government, retail and health.
In the 2013 CERT Australia Cyber Crime and Security Survey, only 17 per cent of security incidents were linked to ransomware.
(CERT Australia participates in the ACSC, which launched in late 2014.)
The ACSC survey found that ransomware is the security threat causing most concern among respondents (72 per cent), followed by the theft or breach of confidential information (70 per cent) and advanced persistent threats (66 per cent).
Fifty per cent of respondents had experienced at least one security incident in the past year.
Ninety-two per cent of respondents that experienced an incident indicated that the threat had been identified in the organisation’s risk register (up from 39 per cent in the 2013 survey).
The trusted insider was the actor of most concern to respondents (60 per cent), followed by issue-motivated groups or hacktivists (55 per cent).
Only 3 per cent of the respondents reported that they did not have an IT security area. This compares to the 16 per cent of organisations that indicated in the 2013 survey that they did not have any staff dedicated to the role.
The ACSC survey also found that 56 per cent of respondents increased security spending during the past 12 months (compared with 2013, when only 27 per cent of respondents reported an increase).
The survey found a high level of implementation of the Australian Signals Directorate's (ASD) ‘top four’ mitigation strategies, with over 90 per cent of respondents claiming they had adopted at least three of the four strategies.
The top four strategies are application whitelisting, patching systems, restricting administrative privileges and creating a defence-in-depth system.
Thirty-six per cent of those surveyed had a presence outside Australia, with 79 per cent of those taking their internationally connected networks into consideration in their cyber security posture. This was up from the 2013 survey, when 55 per cent took overseas networks into account.