
Security strategies under par, say experts

15 Feb 16

Businesses need to up their security game, with advisory firm RSM Australia claiming security is becoming a spectator sport.

According to the company, there are many organisations with a gap in their risk management strategies that is affecting the security of sensitive and private information.

“The level of diligence in organisations when it comes to risk management and security often depends on the resources allocated to it,” explains Michael Shatter, Risk Advisory partner, RSM Australia.

“This can become a shortfall either because of complacency, unawareness of the risks, or lack of budget,” he says.

“When RSM Australia undertakes risk management reviews for organisations it is often clear from the outset that even basic elements are lacking, such as updating patches to operating and communication systems and protections from current vulnerabilities,” says Shatter.

“The question remains whether organisations are giving security sufficient attention from a holistic perspective or simply spectating from the sidelines because they don’t have sufficient resources to make it a focus,” he adds.

Shatter says there are three key elements contributing to the security spectator sport culture:

A lack of trained professionals

“It is an inevitable truth that organisations left without proper security talent remain vulnerable to the ever-present (and growing) threat of hackers,” says Shatter.

“However, there aren't enough trained information security professionals to meet market demand.”

HR managers have listed information security as one of the most valuable skillsets for the next 12-18 months, according to Greythorn's Australian IT market insights and salary guide for 2014-15.

To counter this, many organisations will turn to international markets in the effort to hire the necessary talent to secure their IT enterprise, Shatter says.

“In the meantime, organisations should consult a trusted security advisor and develop a security management plan to direct resources to this risk area or at least identify where their key risks may lie,” he explains.


According to Shatter, there is a growing trend for organisations to look at outsourcing through cloud and managed services to reduce capital outlay for hardware and infrastructure.

“Unfortunately, outsourcing services also means that organisations may be less involved in managing their own security risks and are also taking less direct responsibility for the security of the information they are outsourcing,” he says.

“Organisations should be exercising due diligence regarding the security standards delivered by their outsourcing partners, and review these on a regular basis.

“This ensures they are familiar and aware of the level of security being maintained by their service providers.”

Incomplete security protocols

Integrating devices and technology in new ways, such as via the Internet of Things, can deliver business benefits, but it's important for organisations to consider how these connected devices will be secured, says Shatter.

“For example, in the healthcare industry, a growing number of medical devices are being connected to the enterprise network without concern for protecting both the devices and the network from unauthorised access,” he says.

“Similarly, manufacturing organisations are increasingly connecting industrial control systems to corporate networks, integrating previously air-gapped systems and creating potential security risks.”

Shatter says organisations need to consider security as part of the buying process, and stretch their policies to include every device used for any purpose throughout the network, including industrial control systems.
