Story image

How to scrutinise business partners' security - especially if they're financial firms

22 Aug 17

Organisations may be taking a good look at their own cybersecurity strategies, but still put too much trust in other organisations and their security, according to Aleron.

The company says that financial organisations are most at risk because they are an attractive target for cybercriminals. Although they are starting to pay closer attention to their partners’ security postures, more needs to be done to ensure the right cybersecurity measures are in place.

Aleron’s director Alex Morkos says that banks are the most attractive targets.

“Australian financial institutions are generally very secure but, if the businesses they partner with or purchase from aren’t similarly secure, it could create opportunities for cyber attackers to gain access.”

“Smaller organisations often don’t have the same stringent security measures as their larger counterparts, whether because they don’t have the resources or because they think their smaller size makes them a less attractive target. But a smaller company that does business with a bank is a perfect target for an ambitious hacker,” Morkos adds.

“Banks are therefore increasingly demanding that the organisations they work with validate their security efforts. Smaller organisations looking to work with Australian financial institutions need to ensure they have the right security measures in place to ensure successful engagements and ongoing working relationships.” 

Aleron says that businesses who work with financial institutions should assess their security measures. It may be a daunting process for small businesses that may never have undergone such a rigorous security posture analysis.

Aleron provides three key steps to approaching potential partners

1.  Know and clearly define your cybersecurity and risk posture. 
You should consider the key cyber assets in the business and what parts of the business could put others at risk if cybercriminals gained access. 

2.  Find the security gaps within your risk posture and plan to address them. 
It’s important to have a planned mitigation roadmap that takes all variables into consideration, rather than a reactive, tactical solution that may risk other parts of the business. Having completed step one, defining your cybersecurity and risk posture, you can quickly identify which gaps you don’t need mitigate. 

3.  Appropriately budget. 
Business leaders should ensure they have properly budgeted for any mitigation plans and have demonstrable governance to ensure these plans are appropriately delivered. 

“Smaller organisations looking to engage with financial institutions should seek advice and input from an experienced, trusted partner to help them ensure their security posture is strong, as well as help them understand the process of working with these large organisations,” Morkos concludes.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.