The landscape of cybersecurity is ever-evolving, driven by both advanced technologies and increasingly sophisticated cyber threats. The Kaseya Cybersecurity Survey Report provides crucial insights into the latest cybersecurity challenges, industry responses, and the role of emerging technologies like artificial intelligence (AI).
Below, we explore key findings from this report, shedding light on the progress companies are making and the persistent hurdles they face in safeguarding their digital environments.
Fewer companies are paying ransoms when faced with ransomware attacks. Only 11% of businesses opted to pay attackers, indicating a shift toward resilience over surrender. This shift reflects increased investments in robust backup and recovery solutions that reduce reliance on ransom payments.
Notably, 44% of organisations successfully restored data from backups without resorting to payment. This underscores the effectiveness of proactive measures in mitigating ransomware damage.
Despite these advancements, ransomware remains a persistent concern. Approximately 15% of respondents identified it as a key issue, alongside other critical threats like phishing (50%) and business email compromise (28%).
The survey revealed a substantial drop in supply chain attacks. Only 19% of organisations experienced such incidents in 2024, compared to 61% in 2023. This decline suggests that companies are strengthening their supply chain defences.
This is a positive development because third-party vulnerabilities can significantly disrupt business operations. Contributing to this improvement is the ongoing investment in advanced security solutions, such as file backup (70%) and security awareness training (69%).
These tools help organisations effectively monitor, detect, and address vulnerabilities across the supply chain.
Human behaviour continues to be a major cybersecurity vulnerability. A significant 80% of respondents attributed their cybersecurity issues to inadequate user training or poor practices.
The report highlights a rise in concerns about user behaviour. Now, 45% of organisations view user behaviour as a top cause of cybersecurity challenges, up from 15% in 2023.
Poor user practices and a lack of cybersecurity training emerged as leading causes of security issues, with 44% of respondents attributing challenges to insufficient training. These findings underscore the need to prioritise user education as a vital defence strategy.
Improved user practices could substantially reduce incidents stemming from human error.
Organisations are steadily improving their cybersecurity maturity by investing in advanced tools and services. These investments correlate with reduced incident costs and less downtime.
Tools like Endpoint Detection and Response (EDR), antivirus software, and security awareness training (utilised by 69% of organisations) are helping companies monitor, detect, and respond to threats effectively.
This proactive adoption of sophisticated tools has contributed to a decrease in the financial impact of cybersecurity incidents. Only 5% of respondents reported damages between $250,000 and $500,000 in 2024, down from 25% in 2023.
Recovery timeframes are also improving. 29% of affected organisations experienced only a day or less of downtime, while 27% reported no downtime at all.
With 87% of companies planning to maintain or increase their IT security budgets, ongoing investment in security solutions remains a critical factor driving overall cybersecurity maturity.
AI has the potential to strengthen cybersecurity, but survey responses reveal mixed opinions.
53% of IT professionals believe AI will enhance security. However, 34% remain uncertain about its benefits, highlighting a need for greater education and clarity on AI’s capabilities and limitations.
Nearly one-third of surveyed IT professionals expressed scepticism about AI’s potential to impact their organisation’s security. This indicates that companies are still evaluating the practicality and reliability of AI-driven solutions.
Despite progress in resilience and maturity, certain risks remain top concerns for cybersecurity teams. Phishing, ransomware, and user-related vulnerabilities continue to challenge organisational security.
Phishing alone was identified as a primary issue by 50% of respondents. This sustained focus on persistent threats highlights the need for vigilant, ongoing security measures to mitigate potential damages effectively.
The 2024 Cybersecurity Survey Report underscores both progress and ongoing challenges within cybersecurity. While companies are becoming more resilient and increasingly confident in their defences, the survey reveals areas requiring attention, particularly around user behaviour and the strategic adoption of emerging technologies like AI.
As cybersecurity threats continue to evolve, so must the industry’s approach. Organisations must balance proactive technology investments with strong user training to navigate this complex landscape.
For a comprehensive look at these findings, download the full Kaseya Cybersecurity Survey Report.
If you’re ready to strengthen your cybersecurity strategy or have specific concerns to address, our team of experts is here to help. Contact us today to discuss how we can support your organisation in achieving a robust, resilient security posture that safeguards your operations and ensures peace of mind in an increasingly complex digital landscape.
This report explores organisational resilience against digital threats based on a survey of 8,136 business and cybersecurity leaders across 30 global markets. Discover the global state of cybersecurity readiness and learn how to strengthen your organisation’s defences in today’s complex digital landscape.
The Cybersecurity Readiness Index highlights five key pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and Artificial Intelligence Fortification. These pillars assess how well organisations are prepared to address cybersecurity risks. Cisco identified 31 solutions essential for readiness. Respondents rated their progress in deploying each one and were scored accordingly.
Organisations fall into four stages of readiness: Beginner, Formative, Progressive, and Mature. Beginners are just starting, while Formative entities are charting their path. Progressive organisations build momentum, and Mature entities are fully prepared to face modern risks across the cybersecurity spectrum.
In the past year, 54% of organisations faced cybersecurity incidents. Malware, phishing, and credential stuffing were the main threats. Among these, 52% reported that incidents cost them at least US$300,000, while 12% faced losses of US$1 million or more.
74% expect further disruptions within the next 12-24 months.
Organisations are increasing their cybersecurity budgets. In the last 12-24 months, 91% boosted their spending, with 97% planning to do so in 2024. However, a severe talent shortage affects nearly 90% of companies, slowing their preparedness efforts.
The Cybersecurity Readiness Index report states that despite rising threats, many organisations feel confident. About 80% are moderately to highly confident in their ability to tackle cyber threats. However, the reality is different. Current readiness levels don’t match the evolving threat landscape.
Organisations need to act quickly. Cyber threats are becoming more sophisticated and frequent, outpacing existing protective measures. Accelerating solutions deployment is crucial to closing the gap between vulnerability and preparedness.
To tackle readiness challenges, Cisco recommends a multi-faceted approach. This includes increased investment, platform-driven solutions, and upskilling initiatives. Using generative AI and recruiting in-house talent are key strategies to enhance resilience and strengthen defences.
You can read the full report on the Cisco website.
Cyber attacks can be overwhelming. Now is the time to evaluate your business's cybersecurity readiness, considering the insights from Cisco’s report. If you have concerns, talk to our cybersecurity experts. We offer tailored solutions to meet your specific needs. Let’s work together to protect your organisation from cyber threats.
In an age dominated by digital landscapes, educational institutions are not just repositories of knowledge; they are also data-rich entities with sensitive information about students, faculty, and staff. With the increasing reliance on technology in the education sector, safeguarding these digital domains becomes paramount. One indispensable tool in the arsenal of cybersecurity for educational institutions is penetration testing.
Penetration testing, often called pen testing or ethical hacking, is a proactive cybersecurity approach aimed at identifying vulnerabilities in a system, application, or network infrastructure. For educational institutions, this process involves simulated cyberattacks on their IT infrastructure to uncover weaknesses that malicious actors could exploit.
Educational institutions store a treasure trove of sensitive data, including student records, financial information, and research data. Pen testing helps fortify digital defences, ensuring that this information remains confidential and secure.
Cyberattacks can disrupt the normal functioning of educational institutions, affecting everything from online learning platforms to administrative operations. Pen testing helps identify and address vulnerabilities before they can be exploited, ensuring a seamless learning experience.
Educational institutions often engage in research and development. Pen testing safeguards intellectual property by preventing unauthorised access to research databases, proprietary software, and sensitive academic materials.
Many education institutions must adhere to strict compliance and regulatory standards. Penetration testing helps ensure that these institutions meet the necessary cybersecurity requirements.
Cybersecurity incidents can result in financial losses due to system downtime, legal repercussions, and the cost of recovering from a breach. Pen testing helps identify vulnerabilities early, reducing the risk of financial losses associated with cyber incidents.
A cybersecurity breach can tarnish the reputation of an educational institution. Parents, students, and stakeholders expect their data to be handled with care. Regular testing demonstrates a commitment to security, fostering trust within the community.
Conduct a thorough assessment of the entire IT infrastructure, including servers, networks, applications, and databases.
Simulate real-world cyberattacks to understand how systems respond and identify potential weak points.
Cyber threats evolve, and so should cybersecurity measures. Regular pen testing ensures that defences are up-to-date and effective against the latest threats.
Engage with cybersecurity experts specialising in penetration testing to ensure a comprehensive and unbiased assessment.
Safeguard your academic ecosystem with Step Fwd IT's specialised penetration testing services. Tailored for educational institutions, our experts collaborate to identify vulnerabilities, fortify defences, and ensure the resilience of your digital learning environment.
Experience the efficiency and precision of our penetration testing system. Following a thorough examination, you receive a confidential report detailing the findings, the vulnerabilities uncovered and their associated risks. Empower your IT team with this knowledge to strategise solutions, or let us assist in patching vulnerabilities, fortifying your network, and minimising the risk of cyber threats to your organisation.
Elevate your cybersecurity defences today. Schedule a penetration test with us and take proactive steps to stay ahead in the ongoing battle against cyber threats.
In our last blog post, we shared ways to secure your accounts with strong passwords and passphrases. Unfortunately, these methods will always be vulnerable to phishing attacks and data breaches. That’s why businesses around the world are adopting passkey technology to provide a more secure and streamlined alternative.
In an era where digital security is paramount, it’s not just password-related cyber-attacks and data breaches that are having negative impacts on businesses. A 2023 consumer study by the FIDO Alliance found that 39% of Australian respondents abandoned their online shopping carts at least once in the last month because they couldn’t remember the password to their account. This number was 41% in the United Kingdom, 46% in the United States, 51% in China, and a massive 61% in India.
In this blog post, we explore what passkeys are, how they work, and the benefits they bring to the realm of online security.
Passkeys are a revolutionary form of login credentials that enable users to access websites and services without the need for traditional passwords. These digital keys, uniquely associated with a user account and a specific website or application, offer a seamless and secure method of authentication. With passkeys, users are freed from the burden of remembering complex passwords, making login experiences more convenient and secure. These login credentials are compatible with a wide range of devices, including smartphones and laptops, providing a hassle-free and accessible authentication solution for users.
1. Registration
When you create an account with a service that supports passkeys, you'll have the option to set up a passkey during the registration process. During this step, you'll associate your passkey with your user account for that specific service.
2. Creation and Verification
You'll choose a method to create your passkey. This could involve using your device's screen lock method, such as a fingerprint sensor, facial recognition, or a PIN. The system will guide you through this process, ensuring your chosen method is secure.
3. Using the Passkey
When you want to sign into a service, you'll select the account you wish to use, but you won't need to type in a username. This can be compared to selecting an account through a browser’s password manager.
4. Authentication
Your device will prompt you to unlock it using the method you established during passkey creation (e.g., fingerprint, facial recognition, or PIN). Once your device is unlocked, it confirms your identity.
5. Access Granted
With your identity verified, you're granted access to your account without needing a traditional password. Passkeys provide a seamless and secure way to log in without the need to create or remember complex passwords.
These steps illustrate how passkeys simplify the authentication process, providing both security and user convenience. Remember that passkeys are specific to the user account and the website or application they are associated with, making them a secure and straightforward way to log in. For a simple explanation of passkeys, you can check out 1Password’s video here:
Streamlined Multi-Factor Authentication (MFA)
Passkeys consolidate the MFA process into a single step. They replace the need for both a password and a one-time password (OTP) like a 6-digit SMS code. This seamless integration enhances security against phishing attacks and eliminates the inconvenience of SMS or app-based OTPs.
Enhanced User Experience
Users can choose an account to sign in with, eliminating the need to type in a username or password. Authentication can be achieved using device authenticators such as fingerprint sensors, facial recognition, or a PIN.
Once a passkey is created and registered, users can switch to a new device effortlessly, without the need for re-enrolment. This contrasts with traditional biometric authentication, which typically requires individual setup on each device.
Heightened Security
Passkeys introduce enhanced security measures in the following ways:
In conclusion, passkeys emerge as a beacon of hope in the quest for a more secure and user-friendly online world. With the ability to simplify user experiences and fortify security, passkeys are poised to revolutionise how we access our digital lives. Unfortunately, there is still a long way to go before passkey logins become mainstream, but you can visit Passkeys.directory for a regularly updated list of passkey-supported websites. We also advise following password/passphrase best practices to secure your accounts until passkey authentication becomes available. For a refresher, you can read our previous blog post here.
In today's digital age, securing our online presence has become paramount. Passwords are our first line of defence, but not all passwords are created equal. Enter passphrases, a more robust and secure alternative. In this blog post, we'll explore the difference between passwords and passphrases, and provide guidelines for creating strong passwords to enhance your online security.
Passwords
A password is a combination of characters used to access a system or an online account. The specific requirements for passwords can vary, with some websites and applications mandating a minimum length, a mix of uppercase and lowercase letters, numbers, and special symbols.
Passphrases
A passphrase is essentially a more sophisticated version of a password. Like passwords, passphrases grant access to systems and accounts, but they typically consist of at least four random words. This sentence-like string doesn’t necessarily have to make sense or be grammatically correct – in fact, it’s safer for it not to be. The strength of a passphrase lies in its character length and word randomness, making it less challenging to remember but still difficult to guess.
In essence, passwords should be a series of random character combinations, while passphrases should be composed of words, making them easier to remember. Both can provide strong security, but long passwords can be much harder to recall.
Passwords can be very effective when best practices are followed. Unfortunately, a lot of people don’t follow them. Using passwords that contain common words or publicly available personal information makes them far less secure. This means that passphrases are generally more secure due to their length and memorability.
A brute force attack is a cyberattack method where an attacker systematically tries all possible combinations of passwords until the correct one is found. It's a relentless and potentially time-consuming approach that can be used to gain unauthorised access to systems, data, or accounts. Brute force attacks can be mitigated through strong, complex passwords, multi-factor authentication, and rate limiting to prevent repeated login attempts.
With the advancement of technology and the evolution of Artificial Intelligence, however, password cracking times are dropping drastically. Passwords that were once considered long and secure are now potentially crackable in just hours. This is why professionals stress the importance of long passwords: each additional character significantly increases the number of character combinations a brute force attack has to work through.
To create a strong passphrase that maximises security, consider the following guidelines:
1. Length
Experts recommend using passphrases that consist of at least 15 characters, but you should aim for the maximum length allowed by the system. For instance, if a system accepts passphrases between 8 and 64 characters, opt for a 64-character passphrase.
2. Avoid Common Phrases
Refrain from using popular phrases, sayings, or song lyrics as they are easily guessable.
3. Random Words
Incorporate random, unrelated words into your passphrase.
4. Use Multiple Words
It's typically recommended to use at least five words in your passphrase.
5. Diversity
Employ different passphrases for each of your accounts to prevent a security breach from affecting multiple services.
Remember that passphrases do not need to form proper sentences or adhere to grammatical rules. The goal is to create a long, strong, and memorable combination of words and characters. This can be simplified by using a secure online tool such as Bitwarden's Strong Password Generator, which you can use to generate passwords and passphrases that fit the parameters that you set.
With the growing number of online accounts, remembering multiple passwords can be a daunting task. This is where password managers come into play. Password managers securely store your login credentials for various websites and systems, eliminating the need to remember them all.
Once set up, password managers can autofill forms for you, streamlining login and sign-up processes. Password managers can generate secure and customisable passwords and passphrases for your accounts, ensuring each one is strong and unique. Additionally, many password managers can notify you if a website you use has been breached or if your credentials are discovered on the dark web.
The main advantage of using a password manager is that you only need to remember one secure password or passphrase to access all your accounts, simplifying the management of your online security.
In conclusion, passwords and passphrases can both be secure when best practices are followed. While passphrases can offer more protection, once a password generator creates them and a password manager stores them, the advantage of memorability becomes moot.
It is suggested that people use a secure passphrase as the master password for their password manager. That way, they can memorise it and log in easily. From there, all accounts should use secure passwords/passphrases, which can be randomly generated by the password manager. Each one should be unique and long.
Some of the giants of the technology industry, including Google and Microsoft, have implemented a new way of securing accounts on their platforms through the use of ‘passkeys’. Passkeys provide a number of benefits over passwords and passphrases, chief among them increased security, because they replace passwords on accounts entirely. In our next blog post, we will go into what passkeys are, how they work and their benefits. Until mass adoption of this password alternative takes place, it remains vital for your accounts to be secured with long, strong and unique passwords or passphrases.
At Step Fwd IT, we are committed to ensuring that your company's digital assets are protected with the highest level of security. One of the crucial steps in this journey is the implementation of robust password managers for your team.
With password managers, your team can generate and store complex, unique passwords for each account and application without the need to remember them. This significantly fortifies your company's defences against common cyberattacks such as brute force and credential stuffing.
We understand the importance of a smooth transition. Our team will provide extensive support throughout the rollout process, ensuring that your staff can harness the full power of password managers effortlessly. From creating strong, unique passwords to accessing them across various devices, we will be there to guide you every step of the way.
If you're ready to take the next step in securing your company's digital infrastructure, don't hesitate to reach out to us. We'll be delighted to initiate this transformation and ensure your company's cybersecurity is at its best.
Let's make digital security a strength of your organisation. Contact us today to get started!
Also, be sure to check out our follow-up post here.
On September 18, the Australian Financial Review (AFR) held its inaugural Cyber Summit in Sydney. Guest speakers included The Hon Clare O’Neil (Minister for Home Affairs, Minister for Cyber Security) and Air Marshal Darren Goldie (National Cyber Security Coordinator). During the Summit, O’Neil unveiled updates to Australia’s cybersecurity strategy, aiming to make the nation the most cyber-secure by 2030. To achieve this, the government plans to build six cyber shields, creating “…a cohesive, planned national response that builds to a more protected Australia.”
The first shield will educate the public on cyber threats and protective methods, empowering individuals to safeguard themselves. It also ensures victims can recover quickly by providing significant support after attacks.
The second shield focuses on safe technology and clear standards for digital products. This will hold manufacturers accountable for creating secure products and give consumers peace of mind.
The third shield involves “…world-class threat sharing and threat blocking.” By 2030, real-time intelligence sharing between government and businesses will be standard. This approach aims to block threats before they cause harm.
The fourth shield prioritises protecting critical infrastructure to ensure uninterrupted access to essential services. It includes bolstering the government’s cyber defences.
The fifth shield is sovereign capability. It aims to position Australia at the forefront of changing technologies and combat rising cyber threats. The goal is to build a thriving cyber ecosystem, making cybersecurity a sought-after profession.
The sixth shield promotes international collaboration, focusing on regional resilience. Strategic partnerships will help Australia and neighbouring nations tackle shared challenges effectively.
O’Neil outlined a phased approach, completing the strategy in two-year blocks. This ensures each stage undergoes thorough analysis before progressing.
She stressed that a successful strategy won’t eliminate cyber-attacks. Instead, it will ensure “…government is a convenor and a leader and a partner to all…in helping tackle that challenge.” This approach will help organisations and individuals recover quickly from attacks.
O’Neil also acknowledged the need to streamline incident reporting. Boards currently face a complex process, with “…a long list sometimes of 30 or 40 people that they need to call within the government when they come under cyber attack.”
At Step Fwd IT, the comprehensive cybersecurity strategy presented at the AFR’s Cyber Summit resonates deeply with us. The vision of enveloping Australia within six cyber shields not only speaks to national resilience but also to the core of our beliefs and mission.
Education lies at the heart of the first shield. In this regard, we understand that Small and Medium Businesses (SMBs) and K-12 schools represent segments that could greatly benefit from targeted cybersecurity education and resources. These institutions often lack the vast resources of larger entities but are equally, if not more, vulnerable to cyber threats. We have always championed the cause of making cyber-awareness and security more accessible to these groups. By delivering tailored cybersecurity solutions and training programs, we aim to empower these institutions with the knowledge and tools they need to defend against and respond to cyber threats.
The emphasis on secure technology, threat sharing, and international collaboration particularly excites us. As the digital landscape continuously evolves, the collaborative approach underscored by the strategy is crucial. SMBs and schools need to be part of a wider, coordinated defence mechanism, and we are proud to facilitate that connection.
In our ongoing work with SMBs and K-12 schools, we witness firsthand the challenges they face in navigating the digital realm securely. This new strategy amplifies the importance of our role in the ecosystem. It's a testament to the fact that while overarching national strategies are vital, their real impact is felt when businesses like ours take the initiative to localise and tailor these strategies to fit the unique needs of specific sectors.
We are fully on board with the government's vision and see ourselves as partners in this journey. Step Fwd IT is steadfast in our commitment to harnessing the best of technology and cybersecurity practices to ensure our clients remain protected, aware, and resilient. By working in tandem with the broader goals of Australia’s cybersecurity strategy, we are eager to pave the way for a more cyber-secure future for SMBs, K-12 schools, and the nation at large.
In recent years, data breaches and cyberattacks have made headlines for crippling large corporations and government entities. But today it is not just major organisations that are at risk: cybersecurity for schools is becoming a pressing concern. K-12 public and private schools are now prime targets because they typically have only basic cybersecurity measures and limited IT resources, making them 'soft targets' for cyber criminals.
Education is one of the top three most breached sectors in Australia. With sensitive student data and growing reliance on technology, schools face an escalating number of cyberattacks. This has prompted the Australian government to explore new strategies to combat the issue. A 2020 IBM survey revealed that nearly half of all educators had not received basic cybersecurity training, highlighting a critical gap in cybersecurity for schools. Additionally, the widespread use of technology in classrooms further increases schools’ exposure to threats.
Schools encounter a variety of cybersecurity challenges. Some of the most common and damaging threats include:
Phishing is a tactic where cybercriminals attempt to obtain sensitive information by pretending to be legitimate entities. Cybersecurity for schools is frequently undermined by phishing, which often manifests in three forms:
Ransomware is malicious software that locks down school IT systems until a ransom is paid. Frequently spread through phishing emails, ransomware can disrupt school operations, endanger sensitive data, and result in significant downtime.
The increase in Bring Your Own Device (BYOD) policies exposes school networks to higher risks. With numerous student devices connecting to school systems daily, ensuring proper security measures is vital in maintaining cybersecurity for schools.
Failing to implement robust cybersecurity for schools can lead to severe consequences. The effects range from visible breaches of data and public relations crises to hidden costs like disrupted operations and loss of trust from the school community.
| Visible Impacts | Hidden Consequences |
|---|---|
| Breaches of school data | Unplanned cybersecurity expenses |
| Major IT repairs | Disruption of teaching activities |
| Public relations crises | Loss of trust from parents and students |
Implementing proper 'cyber hygiene' practices is essential for effective cybersecurity for schools. Much like maintaining personal hygiene ensures physical health, cyber hygiene refers to regular practices that keep IT systems secure and healthy.
Routine maintenance, including updating software and addressing vulnerabilities, is crucial to avoid making school systems easy targets for hackers. Essential cyber hygiene practices include:
Protecting schools from cyber threats requires more than just reacting to attacks. A proactive approach to cybersecurity for schools ensures systems are not only protected but also running smoothly. Well-maintained IT infrastructure reduces the likelihood of breaches while ensuring optimal performance in day-to-day school operations.
At Step Fwd IT, we specialise in proactive, security-focused IT services for schools. Our end-to-end solutions are designed to protect against major cybersecurity threats while keeping your technology running efficiently. We also encourage schools to integrate cybersecurity awareness into staff training and student curriculums.
When was your school’s last cybersecurity checkup? At Step Fwd IT, we partner with schools across Victoria, including Salesian College Sunbury, to create tailored strategies that safeguard IT systems and ensure ongoing performance. Contact us today to see how we can help enhance cybersecurity for your school.