SecurityBrief Australia

Security strategies under par, say experts

Businesses need to up their security game, with advisory firm RSM Australia claiming security is becoming a spectator sport.

According to the company, there are many organisations with a gap in their risk management strategies that is affecting the security of sensitive and private information.

“The level of diligence in organisations when it comes to risk management and security often depends on the resources allocated to it,” explains Michael Shatter, Risk Advisory partner, RSM Australia.

“This can become a shortfall either because of complacency, unawareness of the risks, or lack of budget,” he says.

“When RSM Australia undertakes risk management reviews for organisations it is often clear from the outset that even basic elements are lacking, such as updating patches to operating and communication systems and protections from current vulnerabilities,” says Shatter.

“The question remains whether organisations are giving security sufficient attention from a holistic perspective or simply spectating from the sidelines because they don’t have sufficient resources to make it a focus,” he adds.

Shatter says there are three key elements contributing to the security spectator sport culture:

A lack of trained professionals

“It is an inevitable truth that organisations left without proper security talent remain vulnerable to the ever-present (and growing) threat of hackers,” says Shatter.

“However, there aren't enough trained information security professionals to meet market demand.”

HR managers have listed information security as one of the most valuable skillsets for the next 12-18 months, according to Greythorn's Australian IT market insights and salary guide for 2014-15.

To counter this, many organisations will turn to international markets in the effort to hire the necessary talent to secure their IT enterprise, Shatter says.

“In the meantime, organisations should consult a trusted security advisor and develop a security management plan to direct resources to this risk area or at least identify where their key risks may lie,” he explains.


According to Shatter, there is a growing trend for organisations to look at outsourcing through cloud and managed services to reduce capital outlay for hardware and infrastructure.

“Unfortunately, outsourcing services also means that organisations may be less involved in managing their own security risks and also are taking less direct responsibility for the security of the information they are outsourcing,” he says.

“Organisations should be exercising due diligence regarding the security standards delivered by their outsourcing partners, and review these on a regular basis.

“This ensures they are familiar and aware of the level of security being maintained by their service providers.”

Incomplete security protocols

Integrating devices and technology in new ways, such as via the Internet of Things, can deliver business benefits, but it's important for organisations to consider how these connected devices will be secured, says Shatter.

“For example, in the healthcare industry, a growing number of medical devices are being connected to the enterprise network without concern for protecting both the devices and the network from unauthorised access,” he says.

“Similarly, manufacturing organisations are increasingly connecting industrial control systems to corporate networks, integrating previously air-gapped systems and creating potential security risks.”

Shatter says organisations need to consider security as part of the buying process, and stretch their policies to include every device used for any purpose throughout the network, including industrial control systems.
