The attack surface: 2019's biggest security threat

15 Feb 2019

As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.

Aon’s national practice lead for cyber insurance Michael Parrant says that businesses are adopting technology at a rapid pace, but that also means there are a growing number of ‘touch points’ within a business that can be exploited.

“We believe the future of cyber risk management must be proactive, oriented around sharing threat intelligence, and collaborating within and across enterprises and industries; ceaselessly hunting for bad actors; and raising the bar on preparedness for the inevitable day when a strike does come,” says Parrant.

However, the last few years have brought increased regulatory oversight, such as the European Union’s GDPR and Australia’s Notifiable Data Breaches scheme.

Parrant believes these provide increased financial and reputational motivation for local businesses to take action.

The report points out a number of areas that businesses should focus on to reduce their cybersecurity risk in 2019.

Technology. As integrated technologies such as ‘X-as-a-service’ (XaaS) and ‘Infrastructure-as-a-service’ (IaaS) continue to transform bricks-and-mortar industries, it is important that each assesses its own unique exposures rather than try to adopt an off-the-shelf strategy to manage and mitigate risks.

Supply chain. As cloud-based services and sharing become more common, extending to sharing data between companies and their suppliers, it is important that due diligence is carried out by the lead organisation to ensure the risk of third-party cyber security failures is minimised.

Internet of Things (IoT). The pace of adoption of IoT devices continues to accelerate and is likely to pick up even more as the 5G mobile standard becomes commonplace. However, the 5G network will not improve security. It brings about its own challenges – more devices connected means much higher volumes of data to manage and secure. Future AI-enabled security measures will prove invaluable in tracking, isolating and securing organisations’ data networks.

Business operations. A significant proportion of industrial infrastructure is aging and unable to withstand the sophistication of today’s malware attacks. As firms expand their IT and OT presence and become more connected, they are creating greater points of attack for malicious agents. It will be important for companies to fully audit all their IT and OT assets and, where possible, fully separate the two.

Employees. An organisation’s staff – at all levels – remain one of the most common causes of security breaches, whether accidental or intentional. Firms are held accountable for the actions of their employees, and therefore it is vital that they develop stringent controls over internal access to and control of the data they are collecting.

Mergers & Acquisitions. Globally, M&A deal values are predicted to top US$4 trillion in 2019, which offers an indication of the size and speed of the market. It is vital that the appropriate cyber due diligence be done when companies undertake the process of acquiring others if they want to ensure seamless transitions in the future.

Regulatory. Organisations are increasingly competing in a global marketplace, multiplying their exposure and risk compared to solely domestic operations. And, as high-profile and substantial fines last year have shown, regulators are no longer willing to give up the chase at the border. Most firms need to be informed and compliant with a raft of regulations in whichever market they are operating in.

Board of directors. ‘The Buck Stops Here’ is still an important truth in terms of directors & officers when it comes to ensuring data security practices and regulatory compliance. Gratifyingly, cyber security is increasingly understood and acted upon at board level, but more leading from the top is required.
