SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Cybersecurity experts urge enhanced defence strategies

Wed, 23rd Oct 2024

Cybersecurity remains a dominant concern for businesses, as highlighted during Cyber Awareness Month. Experts in the field are voicing concerns, offering insights into mitigating risks, and boosting organisational defences against burgeoning cyber threats.

Innes Muir, Regional Manager for Managed Security Service Providers (MSSPs) at Logpoint, outlined several persistent challenges organisations face. He highlighted that although Cyber Awareness Month marks its 20th anniversary, fundamental issues remain unchanged. "Most attacks are opportunistic in nature – they exploit a lack of basic cyber hygiene," making it imperative for organisations to implement effective measures, such as password management, multi-factor authentication (MFA), and software updates.

Muir pointed out the results of the Cyber Security Breaches Survey 2024, painting a concerning picture. While a significant 72% of businesses reported having a password policy, only 54% had established a protocol for handling fraudulent emails or websites and a mere 39% employed two-factor authentication. Security updates within 14 days were only being managed by 34% of firms. These statistics indicate a worrying gap in cybersecurity practices, particularly among small and medium-sized businesses (SMBs) that struggle with budget constraints and a shortage of cybersecurity professionals. "It's a picture that only worsens when it comes to SMBs," he noted.

Muir suggested integrating automated systems for threat detection and response to address these challenges. "Automating threat hunting, detection and incident response can dramatically improve the ability of the enterprise to spot and stop attacks using a Security Incident and Event Management (SIEM) platform." Using Security Incident and Event Management (SIEM) technology, organisations can respond to real-time threats, a technology once reserved for larger corporations but now accessible to smaller enterprises. Alternatively, he advocated for Managed Detection and Response (MDR) services, which involve outsourcing these responsibilities to third-party providers, offering a 24/7 security solution that integrates SIEM capabilities alongside a dedicated response team.

Meanwhile, Yousef Hazimee, Head of Security, Risk and Compliance at LearnUpon, emphasised the importance of engaging employees with updated and relevant security training. Hazimee cautioned against repetitive and monotonous training programs, which risk losing effectiveness if not regularly revised. "If you keep serving up the same content every year, employees will lose interest, and the training will lose its value, which can become a big cybersecurity risk." Effective training must consider the audience's current knowledge and technological competence, ensuring materials are pertinent and accessible. "My best advice would be to start with something manageable and design the program with your audience in mind," he recommended.

LearnUpon tackles this by conducting annual company-wide security awareness programs, thus keeping their staff informed about new and emerging threats while reinforcing existing security protocols. This approach suggests designing tailored training that aligns with employee capacities, such as short video modules for more mobile learners or foundational courses for less tech-savvy individuals. Hazimee asserts that evolving education standards should reflect the advancing security awareness of employees over time. "Focus on your learners, and try to build a program that feels relevant and realistic to them."

Both Muir and Hazimee underscore businesses' need to remain vigilant and adaptive in their cybersecurity strategies. Leveraging technological innovations like SIEM and MDR can markedly bolster organisational defences, while thoughtful and dynamic employee training can elevate awareness and competence, fortifying businesses against the sophisticated threat landscape. As cyber threats continue to evolve, it is clear that both technological and educational measures must advance in tandem to maintain effective defences.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X