Security strategies under par, say experts

15 Feb 2016

Businesses need to up their security game, with advisory firm RSM Australia claiming security is becoming a spectator sport.

According to the company, there are many organisations with a gap in their risk management strategies that is affecting the security of sensitive and private information.

“The level of diligence in organisations when it comes to risk management and security often depends on the resources allocated to it,” explains Michael Shatter, Risk Advisory partner, RSM Australia.

“This can become a shortfall either because of complacency, unawareness of the risks, or lack of budget,” he says.

“When RSM Australia undertakes risk management reviews for organisations it is often clear from the outset that even basic elements are lacking, such as updating patches to operating and communication systems and protections from current vulnerabilities,” says Shatter.

“The question remains whether organisations are giving security sufficient attention from a holistic perspective or simply spectating from the sidelines because they don’t have sufficient resources to make it a focus,” he adds.

Shatter says there are three key elements contributing to the security spectator sport culture:

A lack of trained professionals

“It is an inevitable truth that organisations left without proper security talent remain vulnerable to the ever-present (and growing) threat of hackers,” says Shatter.

“However, there aren't enough trained information security professionals to meet market demand.”

HR managers have listed information security as one of the most valuable skillsets for the next 12-18 months, according to Greythorn's Australian IT market insights and salary guide for 2014-15.

To counter this, many organisations will turn to international markets in the effort to hire the necessary talent to secure their IT enterprise, Shatter says.

“In the meantime, organisations should consult a trusted security advisor and develop a security management plan to direct resources to this risk area or at least identify where their key risks may lie,” he explains.


According to Shatter, there is a growing trend for organisations to look at outsourcing through cloud and managed services to reduce capital outlay for hardware and infrastructure.

“Unfortunately, outsourcing services also means that organisations may be less involved in managing their own security risks and also are taking less direct responsibility for the security of the information they are outsourcing,” he says.

“Organisations should be exercising due diligence regarding the security standards delivered by their outsourcing partners, and review these on a regular basis.

“This ensures they are familiar and aware of the level of security being maintained by their service providers.”

Incomplete security protocols

Integrating devices and technology in new ways, such as via the Internet of Things, can deliver business benefits but it's important for organisations to consider how these connected devices will be secured, says Shatter.

“For example, in the healthcare industry, a growing number of medical devices are being connected to the enterprise network without concern for protecting both the devices and the network from unauthorised access,” he says.

“Similarly, manufacturing organisations are increasingly connecting industrial control systems to corporate networks, integrating previously air-gapped systems and creating potential security risks.”

Shatter says organisations need to consider security as part of the buying process, and stretch their policies to include every device used for any purpose throughout the network, including industrial control systems.
