SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - An update from Fortinet

Fri, 14th Oct 2022

Australian and New Zealand businesses are not as ready to deal with cyber threats as they might think. That's the message from John McGettigan, Regional Director for Fortinet, who recently shared insights from the firm's latest Networking and Cyber Security Adoption Index.

Speaking about the research, McGettigan outlined the challenges facing local enterprises. "The automatic networking and cyber security adoption index is a major research piece that we've taken to examine the cyber security readiness and the approach of Australian and New Zealand enterprise businesses. There's some key takeaways that sort of contradict each other," he explained.

According to Fortinet's data, while a majority of respondents - 53 percent - consider themselves highly prepared to deal with breaches and cyber security threats, fewer than half can actually detect a security breach in under 90 days. Even more concerning, nearly a quarter of organisations surveyed reported that it can take between two and three months to identify a breach.

"So what that leads us to believe is that there is some significant amount of work that needs to be done across enterprise businesses to improve their posture," McGettigan said.

Despite strong self-confidence among organisations in their readiness, practical security gaps remain. "Although they consider themselves well prepared to face cyber security threats, many specific actions need to be put in place for them to be genuinely prepared. Simple things like patching of software is still a problem," McGettigan noted.

Outdated software not only leaves systems vulnerable but is also symptomatic of larger issues. Fortinet's research also found a gap in cyber security assessment training, which McGettigan considers "incredibly important to get across the entire organisation to help prevent threats coming into the organisation." To address this, he recommended getting on board with a trusted provider of cyber security assessment training, describing this as "a great recommendation to all enterprise businesses."

Asked about opportunities highlighted by the research, McGettigan pinpointed people, process, and technology as the three key elements for improvement. "The findings in the index really indicate that organisations, to cope with the ever-evolving threat landscape, require a combination of people, process, and platform, which is what we focused on in our study," he said.

In particular, he pointed to upskilling staff as a crucial step that gained momentum during the Covid-19 pandemic. "We've seen a huge improvement through Covid - there was a lot of upskilling in the downtime that people had when they were working from home," he added.

But when it comes to protecting against advanced and persistent cyber crime, McGettigan outlined four practical steps for organisations. First, he advised establishing a zero-trust security platform, which helps prevent unauthorised access and creates a more resilient environment. "This will create a more secure environment that protects against unauthorised access users," he said.

Second, he stressed the importance of investing in current security technologies, including automation and artificial intelligence tools, to stay ahead of emerging threats. "Using automation and artificial intelligence tools so that you can keep up as quickly as you can with the up and coming threats," he explained.

Third, McGettigan encouraged adopting a cyber security mesh architecture, which Fortinet terms the "security fabric approach," to future-proof networks. "Embracing a mesh approach really helps lower the cost and complexity of the environment as well," he added.

Lastly, he circled back to the need for regular training and awareness programmes. "There is a big opportunity where we can prevent that low hanging fruit for the threat actors that [are] coming in and taking over, taking control of vulnerable users," McGettigan said.

With more employees working remotely, the attack surface for businesses has greatly increased. Laptops and computers, now seen as essential business tools, are frequently taken home and used on networks without the same protections as the office environment. This, McGettigan said, necessitates better training to ensure staff know how to protect themselves and company data, even when not on the corporate network.

"We think of a computer or a laptop now as a necessary part of our business and our tools, but we're often taking our laptops home, we're often working on networks that don't have that protection at work," he said. "So it's looking at training employees to understand when they're off the network how they should be using their laptops, using the company policy to understand how they can protect their staff when they're not in the corporate environment as well."

McGettigan believes cyber security is increasingly everyone's responsibility, not just the IT department's. "It's essential that that's offered to all employees that use IT equipment," he said. "The attack surface has just increased more and more with just remote working so I think the combination of remote working and user awareness is a big focus for all businesses - or should be."

As the cyber threat landscape continues to evolve, McGettigan's message remained clear: businesses must take proactive and comprehensive steps to protect themselves. "Getting on board with a trusted provider of cyber security assessment training would be a great recommendation to all enterprise businesses," he concluded.
