New report reveals high-risk employee behaviors making Australian organizations more vulnerable to cyberattacks

Sydney, 5 October 2022 – Barracuda, a trusted partner and leading provider of cloud-first security solutions, today released a new research report, The State of Cyber Resilience in Australia 2022, which shows how employee security behaviors and hybrid working are making Australian businesses more vulnerable to cyberattacks.

The findings reveal that 60% of employees assume links in emails are safe to click on if the message came through the corporate email system, and 22% download and install unapproved software onto devices used for work. Just over half (51%) of employees surveyed had been directly impacted by a cyberattack in the last 12 months.

The study surveyed 504 Australian IT decision-makers and non-IT workers in organizations of at least 50 employees. Key findings include:

Organizations are intensely vulnerable to email-borne threats

  • 52% of mobile users will click on a link if it comes from a “sender” that they trust.
  • 60% of respondents assume a link in an email is safe to click on if the email has come through the corporate IT system.
  • 20% of those who clicked on a malicious link only discovered this when their machine was infected with malware or ransomware.
  • 37% of respondents have not had training in key areas of cybersecurity awareness such as email security, malware, or ransomware, and 14% have had no training at all.

Security takes a backseat to flexibility and productivity – with senior management left most at risk

  • 44% of respondents say that security systems prevent them from working efficiently.
  • 33% admit to bending the rules to get a job done. This includes using a non-approved browser (31%), running traffic through a private VPN (29%), and using unauthorized third-party software (22%).
  • Senior managers are the most likely to bend the rules, with 52% saying they use unauthorized third-party software or cloud services to complete their work.

“Flexibility and agility have become key business mantras, but our research suggests that in increasingly hybrid work environments, some organizations and employees may be flexing too far and bending cybersecurity rules ‘to get a job done’,” said Mark Lukie, Sales Engineering Director, Barracuda APAC. “We also uncovered a lack of awareness regarding cybersecurity that could be leaving organizations exposed. Australian organizations need to urgently review their hybrid and work-from-home environments, commit to the adoption of best security practices like the Australian Cyber Security Centre’s Essential Eight1 framework, and provide cybersecurity hygiene refresher training to staff, in order to protect against today’s evolving email threats, application vulnerabilities and the ever-present risk of data breaches.”

The research also found that there is limited use of multi-factor authentication (MFA) among Australian businesses. 40% of the respondents said they do not have MFA in place but rely on password management to protect credentials, while 74% of them said that remembering new complex passwords is a challenge.

The research was undertaken by StollzNow Research for Barracuda to get Australian organizations’ perspectives on the security challenges of remote work arrangements and other issues related to security culture and training in the workplace.

###

Resources:

Download the full report: https://www.barracuda.com/the-state-of-cyber-resilience-au

Read the blog post: http://cuda.co/51696

 

About Barracuda 

 At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.

[1] The Essential Eight framework from the Australian Cyber Security Centre provides eight essential mitigation strategies to help businesses harden their defense against attacks, September 2022, https://www.cyber.gov.au/acsc/view-all-content/essential-eight