Bluestone News | Truis

Illuminating cybersecurity blind spots

Written by Jake McInally | Feb 24, 2025 11:15:27 PM

 


The digital landscape has not been this fraught with danger since the Second World War.¹ This statement was made by the Australian Signals Directorate (ASD) in their Annual Cyber Threat Report—and not without warrant. In 2023-24, ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous year; the cost of cybercrime on victimised medium-large businesses averaged $63,200; and 87,000 reports of cybercrime were made in the year, an average of one report every six minutes.¹ These findings are confronting, but unfortunately, they are not unexpected.

Cybercrime has been steadily rising since the advent of mainstream computer usage, and with it, calls to approach cybersecurity as business-critical have become louder year-on-year. Those calls are not just coming from the IT industry, either. From government, to retail, to insurance and beyond, every sector and every industry can agree that cybersecurity is tremendously important. Thankfully, the majority of medium-large Australian businesses have heeded the call to invest in their security posture. This is backed by a 2024 report from business management platform MYOB, which shows that, of the 500 mid-sized businesses surveyed, 84% indicated they felt prepared for a potential cyber incident.²

However, as businesses that have experienced a cyber incident will tell you, there is a big difference between feeling prepared and truly being prepared. It’s a mistake to believe that organisations become victims of cybercrime because they see cybersecurity as unimportant or have no measures in place to protect themselves. More often than not, victims of cybercrime do a lot of the right things: they understand the importance of solid security, their staff have good general cyber hygiene, and they have many of the suitable processes and practices in place. It’s not carelessness that causes these organisations to find themselves confronted with a cyber crisis. Often, the true catalyst is silent but potentially deadly: blind spots.

They might seem innocuous, but blind spots in a security strategy can quickly become the weak points in your defence plan, and thus the most attractive for cybercriminals to target. Of course, the inherent problem with blind spots is that you are not aware of them. If you were, they would not be blind spots at all—they’d be factored into your strategy.

To help you identify the areas that may have slipped under the radar of your organisation’s watchful eye, we sat down with our Solutions team to shed some light on the most common blind spots they see across different types of organisations.

Businesses, companies, enterprises

In many mid-to-large-sized businesses, cybersecurity is a constant balancing act between solid protection and practical day-to-day operations. New technologies and software rollouts often happen quickly to keep up with customer and market demands, making it challenging for security to keep pace. When you add factors like a remote or hybrid workforce and the complexity of managing different cloud services, gaps can begin to appear.

Common blind spots for businesses:

  • Unpatched software
  • Excessive admin privileges
  • Weak multi-factor authentication
  • Misconfigured cloud security
  • Inadequate backup strategies

Government

Government agencies have one of the toughest balancing acts of all. On one hand, they hold highly sensitive data tied to public services. On the other, they’re bound by budget constraints and bureaucratic processes. Legacy systems can linger longer than intended, and large-scale digital transformation projects sometimes overlook small details that ultimately leave openings for attackers.

Common blind spots for government:

  • Outdated legacy systems
  • Overprivileged access controls
  • Unprotected remote access
  • Insufficient application control
  • Incomplete patch management

Health

Healthcare organisations deal with patient records, insurance details and medical research—some of the most confidential data imaginable. The urgency of patient care can push security tasks to the background, particularly if older equipment and third-party applications aren’t updated as regularly as they should be. Overlooked vulnerabilities can escalate quickly in this environment, where any downtime could be disastrous.

Common blind spots for health:

  • Unpatched medical devices and legacy systems
  • Ransomware attacks on patient records
  • Weak access controls and insider threats
  • Third-party vendor security risks
  • Remote access and telehealth vulnerabilities

Education

These days, schools and universities rely on a wide range of digital platforms. The challenge is that these systems often vary in age and compatibility, and can be overseen by multiple departments with limited cybersecurity expertise. On top of this, staff and student users can inadvertently create vulnerabilities—through weak passwords, shared accounts, and falling victim to phishing schemes.

Common blind spots for education:

  • Unpatched learning management systems (LMS) and legacy software
  • Ransomware targeting student records and financial data
  • Poor access control and account sharing
  • Third-party vendor risks
  • Phishing attacks on students and staff
  • Unsecured remote learning environments

The confronting truth is that many organisations don’t realise these blind spots exist until they’re in the midst of a cyber crisis. Knowing where you stand—and addressing the gaps in your security plan—is essential for keeping yourself protected. To help you get started, we’ve created a free self-assessment tool to highlight the areas that may need addressing.

Claim your free self-assessment tool

If you’re uncertain about where your cybersecurity measures may be falling short, our free self-assessment tool can help you identify vulnerabilities before they turn into real issues. Just get in touch and we’ll send it straight to your inbox.

Sources

¹ https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024
² https://www.myob.com/au/press-releases/australian-mid-market-on-high-alert-against-cyber-threat