Video: 10 Minute IT Jams — Who is Security Centric?
Cyber threats are on the rise. As organisations grapple with evolving risks, experts such as Sergeant Vasilevskiy, Principal of Australian information security firm Security Centric, are urging a broader, business-focused approach.
Speaking on the current state of cybersecurity, Vasilevskiy explained that Security Centric positions itself as a full life cycle cyber security specialist, with services spanning risk assessment to incident response. "We partner with our clients to perform all of their responsibilities around cyber," he said.
Vasilevskiy broke down their approach into four main phases: assess, secure, maintain, and respond. The process starts with a deep dive into a client's core purpose. "In most cases, that core purpose isn't cyber - it might be banking, high fashion, or making cheese," he noted.
The initial 'assess' phase involves mapping a client's business function to its security posture and technology, with risks evaluated just like any other commercial challenge. "We accept that risk, like you accept the risk when you cross a road. You might avoid that risk, transfer it through outsourcing or insurance, or you might mitigate it," he said.
Once risks are understood, Security Centric helps organisations implement preventative controls during the 'secure' phase. This covers hardening technical systems, bolstering authentication, and changing business processes through improved governance and policy. "It might be implementing a strong authentication, network segmentation, or changing the way that people do things," Vasilevskiy explained.
The 'maintain' phase focuses on preserving an organisation's risk appetite through regular vulnerability management, monitoring, and staying up to date with emerging threat trends. According to Vasilevskiy, this is about having "proactive and periodic measures and activities to keep across threat trends and advisories."
Responding to incidents rounds out their engagement. Sometimes, this involves investigating potential threats that turn out to be false alarms. But it can escalate rapidly: "Sometimes you get called in to the response stage as our first engagement, unfortunately. We end up assisting in things like submissions to the information commissioner around data breaches," he shared.
Vasilevskiy was clear that modern cybersecurity goes beyond the basics. "There's more to cybersecurity than firewalls, antivirus, and an annual penetration test," he said. Security Centric's aim is to integrate security as a broad organisational function, not just a set of narrow technical solutions.
So how can organisations tell if they need to lift their cybersecurity game? For Vasilevskiy, it starts at the top. "The clearest indicator at the organisational level is to ask yourself: do you know what your cyber security posture is? Is it tied to business risk, not technical risk? And how confident are you of the breadth and comprehensiveness of that view?"
Too often, he cautioned, organisations rely on sources too close to the action, or with potential conflicts of interest. "Asking a technology service provider means you're forcing a conflict of interest; you're asking someone to audit or assess their own work… what you need is someone independent that doesn't have that conflict of interest and also has broad expertise and experience in cyber rather than services and infrastructure."
Vasilevskiy also suggested several operational clues that cyber practices need revision, such as repeated phishing incidents or a tendency to always play catch-up on vulnerabilities. "If you can't point to a clearly defined cybersecurity strategy that supports business objectives, and if you can't measure organisational performance against these, then you're likely in need of significant uplift of your cyber security function to avoid making the front page of the paper," he warned.
When asked about recent trends, Vasilevskiy highlighted the growing sophistication and commercialisation of cyber adversaries. "Gone are the days of the poorly worded letter from the Nigerian prince. Threat actors are mining social media, organisational charts, even annual reports to put together campaigns that are far from generic. They know what's happening and what roles people have within organisations."
He described how attackers may start with business email compromise just to gather intelligence, before moving on to more targeted endeavours. Moreover, Vasilevskiy sees ransomware shifting from disabling systems to threatening exposure of confidential information. "Threat actors are now blackmailing organisations based on the threat of releasing confidential information, rather than interrupting system availability," he explained. The loss of trust in these cases, he warned, can have an "impact far greater than a few days without some business applications."
Looking ahead, Vasilevskiy advocates strongly for aligning cyber strategies with business objectives, rather than simply deploying technical controls. "The most critical step is aligning cyber with core organisational purpose and objectives, not randomly chosen technical controls," he said. For instance, if a company's major goal is transforming how information is stored and accessed, the cybersecurity plan should address data classification, handling, loss prevention, and ensuring controls are user-friendly. "User experience is key - both from the points of efficiency, but also employee satisfaction."
He observed that many organisations already possess the technological tools needed for protection; the focus should be on optimising these investments. "In many cases what we end up doing is tuning existing technology investments. There's no point in reinventing the wheel or shopping for the new kit," he said.
For a successful cyber strategy, Vasilevskiy stressed the importance of operational discipline - such as system monitoring, rapid threat response, and having clear goals to measure success. "You need very clear goals to measure your cyber security success against at the end of that 6, 12, 18 month period," he said.
As the cyber threat landscape continues to adapt, Sergeant Vasilevskiy's message is simple: make cyber a core part of the business mission, not just an afterthought. "At the end of the day, it's all about making sure your business objectives are secure, your people are informed, and your risks are understood and managed," he said.