Three ways to proactively manage cybersecurity for Aussie businesses

02 Oct 2017

Article by Simon Eid, Splunk A/NZ Area Vice President

There’s no guarantee your business will never be hacked. Organisations around the world have been impacted by the WannaCry ransomware, which encrypted files and left Australian organisations immobilised. Shortly after this, cyber threats were again in the news as WannaCry’s evil twin brother, Petya, had a large impact in Australia, bringing down Cadbury’s chocolate factory in Hobart, Tasmania, as well as the law firm DLA Piper Ltd.

These examples, along with the fact that almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis, underscore the urgency for cybersecurity to be approached from a business perspective. It’s no longer just an IT security system admin problem, focused on installing and configuring new network firewalls and deploying endpoint protection solutions.

This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner. Notably, those organisations that ‘simply’ kept their systems up to date with the latest patches were resilient against the WannaCry ransomware. Organisations that actively manage security are well positioned to mitigate damage and recover quickly. Here are three practical tips on how to do just that.

Maintain basic security hygiene

A data-driven security strategy underpinned by machine data is the foundation required to support cybersecurity initiatives. From monitoring whether basic security hygiene is being maintained to identifying weak areas that no one is looking after, a security information and event management (SIEM) solution is a good choice.

It’ll aggregate information and let you run regular reports to determine which systems are patched, pull in findings from vulnerability scanners, and report on the status of endpoint protection solutions. A SIEM will also alert you to notable security anomalies, such as a malware detection on a system. Another example is a highly vulnerable, unpatched network in which a system suddenly starts performing a network discovery scan; that suspicious activity should ring alarm bells.
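As an added illustration (not code from the article or from Splunk), the following script shows the kind of correlation a SIEM would run for the scenario above: a host sweeping many peers on one port is treated as a discovery scan, and the alert is escalated when the vulnerability-scanner data says that host is itself unpatched. The log format, host names and patch list are constructed for this example.

```python
from collections import defaultdict

# Constructed vulnerability-scanner export (host -> missing patches).
# MS17-010 is the Microsoft SMB patch whose absence let WannaCry spread.
PATCH_STATUS = {
    "ws-101": ["MS17-010"],
    "ws-102": [],
    "srv-db1": ["MS17-010"],
}

# Constructed firewall log, one connection per line: "src dst dport action".
# ws-101 sweeps 30 hosts on TCP 445 (a discovery scan); the rest is normal.
FIREWALL_LOG = [f"ws-101 10.0.0.{i} 445 deny" for i in range(1, 31)] + [
    "ws-102 10.0.0.5 443 allow",
    "ws-102 10.0.0.9 443 allow",
    "srv-db1 10.0.0.5 1433 allow",
]

SCAN_THRESHOLD = 20  # distinct destinations on one port from a single source


def find_discovery_scans(log_lines, threshold=SCAN_THRESHOLD):
    """Return {src: (dport, distinct_destinations)} for sources sweeping a port."""
    targets = defaultdict(set)
    for line in log_lines:
        src, dst, dport, _action = line.split()
        targets[(src, dport)].add(dst)
    return {src: (dport, len(dsts)) for (src, dport), dsts in targets.items()
            if len(dsts) >= threshold}


def correlate_with_patch_status(scans, patch_status):
    """Escalate when the scanning host is missing patches: an unpatched host
    sweeping SMB looks like a worm propagating rather than an admin tool."""
    alerts = []
    for src, (dport, count) in scans.items():
        missing = patch_status.get(src, [])
        alerts.append({"host": src, "port": dport, "targets": count,
                       "missing_patches": missing,
                       "severity": "critical" if missing else "high"})
    return alerts


def hygiene_report(patch_status):
    """The regular report described above: which systems are not fully patched."""
    return sorted(host for host, missing in patch_status.items() if missing)


if __name__ == "__main__":
    scans = find_discovery_scans(FIREWALL_LOG)
    for alert in correlate_with_patch_status(scans, PATCH_STATUS):
        print(alert)
    print("unpatched hosts:", hygiene_report(PATCH_STATUS))
```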

Monitor access to critical services

When it comes to user authentication, relying on the inbuilt security of Microsoft Active Directory and its lockout policies will no longer suffice. Organisations need to dive into each digital service and figure out how that service is exposed externally, how people log on, how they reset their passwords and how new users are created. Then identify the machine-generated data required to get those insights. Using these data-driven insights is key to proactively detecting outliers.
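To make the "outliers" concrete, here is an added example (not from the article or any vendor product) of two checks run over constructed authentication events: a successful login that follows a run of failures a lockout policy would not catch, and a password reset from a country the user has never successfully logged in from. Event tuples, IPs and the country code "XX" are constructed placeholders.

```python
from collections import defaultdict

FAIL_THRESHOLD = 5  # failures before a later success is treated as suspicious

# Constructed authentication events: (user, event, source_ip, country).
AUTH_EVENTS = (
    [("alice", "login_fail", "203.0.113.8", "AU")] * 6
    + [("alice", "login_ok", "203.0.113.8", "AU"),      # success after 6 failures
       ("bob", "login_ok", "198.51.100.4", "AU"),
       ("bob", "login_ok", "198.51.100.4", "AU"),
       ("bob", "password_reset", "192.0.2.77", "XX"),   # reset from an unseen country
       ("carol", "login_fail", "198.51.100.9", "AU"),   # a single typo, not an outlier
       ("carol", "login_ok", "198.51.100.9", "AU")]
)


def login_baseline(events):
    """Countries each user has successfully logged in from: the 'normal'."""
    seen = defaultdict(set)
    for user, event, _ip, country in events:
        if event == "login_ok":
            seen[user].add(country)
    return seen


def failures_then_success(events, threshold=FAIL_THRESHOLD):
    """Flag users whose successful login follows >= threshold failures.
    A lockout policy only blocks bursts; a slow guess that lands is still
    an outlier worth a look."""
    fails, flagged = defaultdict(int), []
    for user, event, ip, _country in events:
        if event == "login_fail":
            fails[user] += 1
        elif event == "login_ok":
            if fails[user] >= threshold:
                flagged.append({"user": user, "failures": fails[user], "ip": ip})
            fails[user] = 0
    return flagged


def resets_from_unseen_country(events, baseline):
    """Flag password resets from a country with no prior successful login."""
    return [{"user": u, "ip": ip, "country": c}
            for u, e, ip, c in events
            if e == "password_reset" and c not in baseline.get(u, set())]


if __name__ == "__main__":
    baseline = login_baseline(AUTH_EVENTS)
    print(failures_then_success(AUTH_EVENTS))
    print(resets_from_unseen_country(AUTH_EVENTS, baseline))
```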

Define an incident response process and team

WannaCry and Petya point to the increasing trend that it’s not a matter of if your business will be hacked, but when. You need to think ahead about the organisational process: which people need to be involved to take action, who can help answer questions about what happened, what needs to be done to stop it, and who was impacted.

You need to make decisions about taking services offline, notifying the authorities or communicating to the media. This exercise goes beyond the IT security system admin role. Mature organisations already have crisis planning for ‘cyber risks’ included within operational planning.

The designated team is tasked with finding answers to all the questions about the breach. This information can usually be found in machine-generated data – which should be stored in a centralised platform, where the team can ask any question in a flexible way. With a scalable process, you can overcome any technical bottlenecks that may evolve during a crisis.

As IT security threats continue to evolve, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target. With recent security breaches in mind, Australian companies need to adopt this mindset sooner rather than later.
