Story image

Three key security hotspots to consider for your 2018 budget

19 Jun 2017

With the end of the financial year looming and the 2018 financial year around the corner, businesses are being asked to consider their cybersecurity policies and put better defences in place - or risk major financial effects in the event of a breach.

Palo Alto Networks says it's not just financial but reputational damage that could come from breaches.

“Most successful attacks can be traced back to ineffective company policies or human error. The impact from a successful breach can be felt across an entire company and may result in lost productivity, as well as a negative impact on the company’s reputation and a reduced ability to attract and retain customers," explains Ian Raper, Palo Alto Networks regional vice president, ANZ.

“When budgeting for the 2018 financial year, businesses should look to strengthen cybersecurity defenses in key areas. For example businesses can do this by reviewing their cybersecurity policies and procedures, upgrading IT infrastructure and employee training to put themselves ahead.”

He believes that when organisations start to budget for the 2018 financial year, businesses should start to look at their cybersecurity policies and procedures, upgrade IT infrastructure and employee training.

Palo Alto Networks provides three key areas to strengthen security.

1. Ransomware  Conservative estimates put the cost of ransomware to the Australian economy at $1 billion a year, and the number of ransomware attacks is likely to increase along with the cost to unlock devices.

Raper says people are the weakest link in cyber defence. Training should shift from compliance-driven approaches that aren't interesting or engaging to better methods.

“Training may take different forms, and organisations could consider gamification. Gamification will make training more exciting and engaging for employees, increasing awareness of cybersecurity practices, including how to respond to attacks correctly," he says.

Gamification also lets businesses recognise and reward employees when they follow policies and procedures, leading to continued positive behaviour and a more cyber secure working environment.” 2. Internet of Things Providing thousands of potential entry points, more and more endpoint devices are now connected to an organisation’s network as part of the Internet of Things (IoT).

For example, closed circuit television (CCTV), tiny sensors attached to machinery, and even smartwatches and fitness trackers can put the business at risk if not properly secured. Many businesses may not be aware of the security risks these devices pose due to their automatic nature.  

To protect the network, businesses must introduce appropriate policies and procedures. This includes educating employees regarding what devices they are able to plug into the network. Organisations should also use next-generation security technology to focus on the network and endpoints, and the data that flows within the network. 3. Weaponised data A company’s data can be weaponised and used against it. Cybercriminals do this by leaking confidential information or infiltrating and corrupting data. The consequences range from reputational damage to material costs.

Businesses must know where sensitive data resides and who can access it, as well as what data is critical in enabling the company to operate, so they can protect it effectively. Surprisingly, many businesses struggle to answer these questions, which can make it difficult to protect resources adequately.

“As we approach the end of the financial year, now is a good time for businesses to review and update their cybersecurity policies, making sure they understand the effect cyberattacks can have on their business. Businesses should take a proactive approach to their cybersecurity, ensuring policies and procedures are understood and adhered to by all employees," Raper concludes.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.