In response to a series of data leaks, Australia is updating cybersecurity practices. A ISG Provider Lens report for Australia finds that the attacks revealed escalating threats and changed cybersecurity from solely an IT issue to a closely monitored enterprise challenge.

The Australian government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organizations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives.

Recent attacks revealed that even large Australian enterprises have cyber capability gaps, the report says. Most had invested heavily in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the attack surface has expanded with the rise of remote work, digital engagement, an expanding supply chain and IoT. Mistakes inside organizations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.

As a result, Australian enterprises have begun to assess their risk tolerance, evaluate current controls and take an “assume breach” approach, recognizing that not all breaches can be prevented and focusing on rapid detection and response, according to the report.

Many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report says. Companies with multiple cybersecurity tools, which often generate false positives that require manual intervention, will also need greater automation and interoperability to relieve the pressure on security operations centers (SOCs). The role of AI is expected to grow exponentially, often to secure IoT assets.