Story image

How to scrutinise business partners' security - especially if they're financial firms

22 Aug 2017

Organisations may be taking a good look at their own cybersecurity strategies, but still put too much trust in other organisations and their security, according to Aleron.

The company says that financial organisations are most at risk because they are an attractive target for cybercriminals. Although they are starting to pay closer attention to their partners’ security postures, more needs to be done to ensure the right cybersecurity measures are in place.

Aleron’s director Alex Morkos says that banks are the most attractive targets.

“Australian financial institutions are generally very secure but, if the businesses they partner with or purchase from aren’t similarly secure, it could create opportunities for cyber attackers to gain access.”

“Smaller organisations often don’t have the same stringent security measures as their larger counterparts, whether because they don’t have the resources or because they think their smaller size makes them a less attractive target. But a smaller company that does business with a bank is a perfect target for an ambitious hacker,” Morkos adds.

“Banks are therefore increasingly demanding that the organisations they work with validate their security efforts. Smaller organisations looking to work with Australian financial institutions need to ensure they have the right security measures in place to ensure successful engagements and ongoing working relationships.” 

Aleron says that businesses who work with financial institutions should assess their security measures. It may be a daunting process for small businesses that may never have undergone such a rigorous security posture analysis.

Aleron provides three key steps to approaching potential partners

1.  Know and clearly define your cybersecurity and risk posture. 
You should consider the key cyber assets in the business and what parts of the business could put others at risk if cybercriminals gained access. 

2.  Find the security gaps within your risk posture and plan to address them. 
It’s important to have a planned mitigation roadmap that takes all variables into consideration, rather than a reactive, tactical solution that may risk other parts of the business. Having completed step one, defining your cybersecurity and risk posture, you can quickly identify which gaps you don’t need mitigate. 

3.  Appropriately budget. 
Business leaders should ensure they have properly budgeted for any mitigation plans and have demonstrable governance to ensure these plans are appropriately delivered. 

“Smaller organisations looking to engage with financial institutions should seek advice and input from an experienced, trusted partner to help them ensure their security posture is strong, as well as help them understand the process of working with these large organisations,” Morkos concludes.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.