Story image

Peace of mind from cybercrime

05 Jul 16

More than two-thirds of Australian organisations suffered at least one security breach or incident in the past 12 months, according to CompTIA. And these types of data breaches cost Australian businesses an average of $3 million.

Big and alarming numbers, yet proof of the harsh reality all businesses operate in: no matter how secure you think your company is, we are all vulnerable to cyber-attacks.

Despite increasing investments in security systems, research from the Australia Cyber Security Centre shows only 37% of businesses regularly review their cyber-security incident response plans.

If we accept cyber-crime as ever changing, Australian organisations can’t afford to stand still. Combating security threats is not a transformation businesses can ever complete, but one they must remain ahead of. A key factor in achieving this is an attitudinal change, accepting cyber-breaches are a matter of ‘when’, not ‘if’.

The next step is in shifting sentiment. Businesses must move away from the concept cyber- security is an issue unique to IT, and view it as a shared responsibility across all employees. For instance, employees need to understand the risks of opening confidential documents on their tablets, or accessing the corporate network through public Wi-Fi networks.

To achieve this change in approach, the Australian Federal Government’s Cyber-Security Strategy is a great starting point for business; covering a range of areas including inter-business collaboration and employee education and training.

However, as cyber-criminals and hackers exploit vulnerabilities with new types of malware or targeted attacks, organisations cannot ignore the role of technology. Particularly when faced with the difficult challenge of balancing employee needs with the integrity of IT security.

In today’s digital world where an employee expects to work remotely from one of three connected devices, IT departments must be able to mandate and enforce corporate security standards and control across all locations and devices. This highlights the need for organisations to rethink technological approaches to security and remote access when implementing initiatives such as BYOD and flexible work.

To achieve this, businesses must defined what information is of value to cyber-criminals. Most organisations are likely to have some sense of what this is, but must never be complacent and always scrutinise their IT infrastructure to understand where sensitive data is stored, and what security controls to place around it at the source, rather than end point which is out of their control.

By implementing this level of awareness, IT administrators shift away from the band-aid routine of patching security layers to fix isolated problems after they occur, to resolving the issue at its core ahead of any problems developing.

While industry agrees the issue of cyber-security requires a holistic approach, technology must remain front and centre. What businesses need to do better is understand where their vulnerabilities lie before deploying technology to ensure it doesn’t hinder business objectives such as collaboration, productivity and connectivity.

Only by acknowledging weaknesses will businesses truly be able to see the bigger picture and successfully protect their IT infrastructure.

Article by David Nicol, Citrix ANZ

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.