The attack surface: 2019's biggest security threat

15 Feb 2019

As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.

Aon’s national practice lead for cyber insurance Michael Parrant says that businesses are adopting technology at a rapid pace, but that also means there is a growing number of ‘touch points’ within a business that can be exploited.

“We believe the future of cyber risk management must be proactive, oriented around sharing threat intelligence, and collaborating within and across enterprises and industries; ceaselessly hunting for bad actors; and raising the bar on preparedness for the inevitable day when a strike does come,” says Parrant.

However, the last few years have brought increased regulatory oversight, such as the European Union’s GDPR and Australia’s Notifiable Data Breaches scheme.

Parrant believes these provide increased financial and reputational motivation for local businesses to take action.

The report points out a number of areas that businesses should focus on to reduce their cybersecurity risk in 2019.

Technology. As integrated technologies such as ‘X-as-a-service’ (XaaS) and ‘Infrastructure-as-a-service’ (IaaS) continue to transform bricks-and-mortar industries, it is important that each assesses its own unique exposures rather than trying to adopt an off-the-shelf strategy to manage and mitigate risks.

Supply chain. As cloud-based services and sharing become more common, extending to sharing data between companies and their suppliers, it is important that due diligence is carried out by the lead organisation to ensure the risk of third-party cyber security failures is minimised.

Internet of Things (IoT). The pace of adoption of IoT devices continues to accelerate and is likely to pick up even more as the 5G mobile standard becomes commonplace. However, the 5G network will not improve security. It brings about its own challenges – more devices connected means much higher volumes of data to manage and secure. Future AI-enabled security measures will prove invaluable in tracking, isolating and securing organisations’ data networks.

Business operations. A significant proportion of industrial infrastructure is aging and unable to withstand the sophistication of today’s malware attacks. As firms expand their IT and OT presence and become more connected, they are creating greater points of attack for malicious agents. It will be important for companies to fully audit all their IT and OT assets and, where possible, fully separate the two.

Employees. An organisation’s staff – at all levels – remain one of the most common causes of security breaches, whether accidental or intentional. Firms are held accountable for the actions of their employees, and therefore it is vital that they develop stringent controls over internal access to and control of the data they are collecting.

Mergers & Acquisitions. Globally, M&A deal values are predicted to top US$4 trillion in 2019, which offers an indication of the size and speed of the market. It is vital that the appropriate cyber due diligence be done when companies undertake the process of acquiring others if they want to ensure seamless transitions in the future.

Regulatory. Organisations are increasingly competing in a global marketplace, multiplying their exposure and risk compared to solely domestic operations. And, as high-profile and substantial fines last year have shown, regulators are no longer willing to give up the chase at the border. Most firms need to be informed and compliant with a raft of regulations in whichever market they are operating in.

Board of directors. The Buck Stops Here is still an important truth in terms of directors & officers when it comes to ensuring data security practices and regulatory compliance. Gratifyingly, cyber security is increasingly understood and acted upon at board level, but more leading from the top is required.
