How to scrutinise business partners' security - especially if they're financial firms
Organisations may be taking a good look at their own cybersecurity strategies, but still put too much trust in other organisations and their security, according to Aleron.
The company says that financial organisations are most at risk because they are an attractive target for cybercriminals. Although they are starting to pay closer attention to their partners' security postures, more needs to be done to ensure the right cybersecurity measures are in place.
Aleron's director Alex Morkos says that banks are the most attractive targets.
“Australian financial institutions are generally very secure but, if the businesses they partner with or purchase from aren't similarly secure, it could create opportunities for cyber attackers to gain access.” “Smaller organisations often don't have the same stringent security measures as their larger counterparts, whether because they don't have the resources or because they think their smaller size makes them a less attractive target. But a smaller company that does business with a bank is a perfect target for an ambitious hacker,” Morkos adds. “Banks are therefore increasingly demanding that the organisations they work with validate their security efforts. Smaller organisations looking to work with Australian financial institutions need to ensure they have the right security measures in place to ensure successful engagements and ongoing working relationships.”
Aleron says that businesses who work with financial institutions should assess their security measures. It may be a daunting process for small businesses that may never have undergone such a rigorous security posture analysis.
Aleron provides three key steps to approaching potential partners
1. Know and clearly define your cybersecurity and risk posture. You should consider the key cyber assets in the business and what parts of the business could put others at risk if cybercriminals gained access. 2. Find the security gaps within your risk posture and plan to address them. It's important to have a planned mitigation roadmap that takes all variables into consideration, rather than a reactive, tactical solution that may risk other parts of the business. Having completed step one, defining your cybersecurity and risk posture, you can quickly identify which gaps you don't need mitigate. 3. Appropriately budget. Business leaders should ensure they have properly budgeted for any mitigation plans and have demonstrable governance to ensure these plans are appropriately delivered. “Smaller organisations looking to engage with financial institutions should seek advice and input from an experienced, trusted partner to help them ensure their security posture is strong, as well as help them understand the process of working with these large organisations,” Morkos concludes.