New year – same old security risks

cybersecurity, best practices

Think 2020 will bring some respite from the incessant onslaught of cyber-risks that became the new normal for Australian businesses in the 2010s?

It’s unlikely. Smart technologies – think automation, AI, machine learning and the cloud – are transforming business at an unprecedented pace. But to hackers and cyber-criminals, they don’t represent great leaps forward, merely additional opportunities to steal commercial secrets and wreak hi-tech havoc.

Here are four threats for enterprises operating in Australia to secure against in 2020.

Undocumented arrivals

Enterprises which are aware of each and every piece of hardware and software on the corporate network have always been unusual. In the age of apps, they’re a rarity. In fact, international research shows organisations are running up to 20 times more cloud applications than those officially sanctioned by their IT departments.

This shadow IT, as it’s known, is a major concern for Australian businesses. Every unknown system ups the risk of the host enterprise falling victim to a cyber-attack. Remediating incidents for which unknown programs and devices are the catalyst is not an easy task, and investing in network mapping software to drive unknown IT assets into the light should be a priority for local businesses this year.

Dangerous devices

The Industrial Internet of Things (IIoT) has been lauded as a game changer for Australia’s small business manufacturers. It has the potential to deliver annual productivity improvements of two per cent, according to Australia’s IoT Opportunity: Driving Future Growth, a 2018 research report prepared by PwC for the Australian Computer Society.

That’s the upside. The downside is the creation of an array of additional entry points into the corporate network. Unless businesses, including manufacturers, take steps to lock them down tightly, they can represent an easy entry for uninvited and unwelcome “guests”.

Partitioning the network into multiple segments can be an effective way to reduce the risk and minimise the damage, should an attack via the IIoT occur. Meanwhile, wireless intrusion prevention systems can be deployed to identify and neutralise unauthorised devices at the time of connection.

The assault on IP

As an enterprise, is your biggest asset your equipment, or the know-how needed to run it? Multi-factor authentication can be an effective means of ensuring only bona fide individuals are able to gain access to sensitive data, via the network. Meanwhile, data loss prevention solutions can enable the security team to detect and plug data leaks by analysing text files for sensitive information.

The battle for talent

The global cyber-security skills shortage has become an issue for businesses and organisations of all stripes. This shortfall is expected to burgeon, as increasingly frequent and ferocious attacks, and more stringent privacy legislation, increase the demand for individuals with the expertise to manage holistic security programs. Experts say Australia needs to train around 18,000 additional people by 2026, in order to meet the projected need.

Embracing automated and semi-automated systems, wherever practicable, will see small businesses more effectively protected and less vulnerable to staff shortages.

Securing productivity and profits

In 2020 Australia, cyber-security is a real and rising concern for enterprises and organisations across all industries. Successful hack attacks and data breaches can have a devastating effect on productivity, reputation and profits. Local businesses which hope to survive and thrive in this climate of heightened threat must be proactive about identifying and implementing effective measures to combat the danger posed by industrial spies, hackers and cyber-criminals.

Mark Sinclair, Australia and New Zealand Regional Director, WatchGuard Technologies