Story image

Peace of mind from cybercrime

05 Jul 2016

More than two-thirds of Australian organisations suffered at least one security breach or incident in the past 12 months, according to CompTIA. And these types of data breaches cost Australian businesses an average of $3 million.

Big and alarming numbers, yet proof of the harsh reality all businesses operate in: no matter how secure you think your company is, we are all vulnerable to cyber-attacks.

Despite increasing investments in security systems, research from the Australia Cyber Security Centre shows only 37% of businesses regularly review their cyber-security incident response plans.

If we accept cyber-crime as ever changing, Australian organisations can’t afford to stand still. Combating security threats is not a transformation businesses can ever complete, but one they must remain ahead of. A key factor in achieving this is an attitudinal change, accepting cyber-breaches are a matter of ‘when’, not ‘if’.

The next step is in shifting sentiment. Businesses must move away from the concept cyber- security is an issue unique to IT, and view it as a shared responsibility across all employees. For instance, employees need to understand the risks of opening confidential documents on their tablets, or accessing the corporate network through public Wi-Fi networks.

To achieve this change in approach, the Australian Federal Government’s Cyber-Security Strategy is a great starting point for business; covering a range of areas including inter-business collaboration and employee education and training.

However, as cyber-criminals and hackers exploit vulnerabilities with new types of malware or targeted attacks, organisations cannot ignore the role of technology. Particularly when faced with the difficult challenge of balancing employee needs with the integrity of IT security.

In today’s digital world where an employee expects to work remotely from one of three connected devices, IT departments must be able to mandate and enforce corporate security standards and control across all locations and devices. This highlights the need for organisations to rethink technological approaches to security and remote access when implementing initiatives such as BYOD and flexible work.

To achieve this, businesses must defined what information is of value to cyber-criminals. Most organisations are likely to have some sense of what this is, but must never be complacent and always scrutinise their IT infrastructure to understand where sensitive data is stored, and what security controls to place around it at the source, rather than end point which is out of their control.

By implementing this level of awareness, IT administrators shift away from the band-aid routine of patching security layers to fix isolated problems after they occur, to resolving the issue at its core ahead of any problems developing.

While industry agrees the issue of cyber-security requires a holistic approach, technology must remain front and centre. What businesses need to do better is understand where their vulnerabilities lie before deploying technology to ensure it doesn’t hinder business objectives such as collaboration, productivity and connectivity.

Only by acknowledging weaknesses will businesses truly be able to see the bigger picture and successfully protect their IT infrastructure.

Article by David Nicol, Citrix ANZ

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.