Why you must consider your cyber security defences before EOFY


Businesses that fail to properly secure their environments are leaving the door open to the increasing threat of cyberattacks and the resulting financial and reputational repercussions. In the wake of recent attacks and with the end of the financial year in sight, now is a good time for Australian businesses to strengthen their cyber security defences.

Most successful attacks can be traced back to ineffective company policies or human error. The impact from a successful breach can be felt across an entire company and may result in lost productivity, as well as a negative impact on the company’s reputation and a reduced ability to attract and retain customers.

When budgeting for the 2018 financial year, businesses should look to strengthen cyber security defences in key areas. For example, businesses can put themselves ahead by reviewing their cyber security policies and procedures, and by upgrading IT infrastructure and employee training.

We have identified three key areas in which to strengthen security ahead of the new financial year.

1. Ransomware

Conservative estimates put the cost of ransomware to the Australian economy at $1 billion a year, and the number of ransomware attacks is likely to increase along with the cost to unlock devices.*

People are often the weakest link in the defence against cybercriminals. The focus of employee training should shift from reaction to prevention. Purely compliance-driven approaches have proven ineffective for organisations; they are usually not interesting or personal enough to capture employees’ imaginations. Organisations should focus education on how to protect personal data, as well as organisational data.

Training may take different forms, and organisations could consider gamification. Gamification will make training more exciting and engaging for employees, increasing awareness of cyber security practices, including how to respond to attacks correctly. Gamification also lets businesses recognise and reward employees when they follow policies and procedures, leading to continued positive behaviour and a more cyber secure working environment.

2. Internet of Things

More and more endpoint devices are now connected to an organisation’s network as part of the Internet of Things (IoT), providing thousands of potential entry points. For example, closed circuit television (CCTV), tiny sensors attached to machinery, and even smartwatches and fitness trackers can put the business at risk if not properly secured. Many businesses may not be aware of the security risks these devices pose due to their automatic nature.

To protect the network, businesses must introduce appropriate policies and procedures. This includes educating employees regarding what devices they are able to plug into the network. Organisations should also use next-generation security technology to focus on the network and endpoints, and the data that flows within the network.

3. Weaponised data

A company’s data can be weaponised and used against it. Cybercriminals do this by leaking confidential information or infiltrating and corrupting data. The consequences range from reputational damage to material costs.

Businesses must know where sensitive data resides and who can access it, as well as what data is critical in enabling the company to operate, so they can protect it effectively. Surprisingly, many businesses struggle to answer these questions, which can make it difficult to protect resources adequately.

As we approach the end of the financial year, now is a good time for businesses to review and update their cyber security policies, making sure they understand the effect cyberattacks can have on their business. Businesses should take a proactive approach to their cyber security, ensuring policies and procedures are understood and adhered to by all employees.

* Assistant Minister for cyber-security Dan Tehan – http://www.abc.net.au/news/2017-05-15/ransomware-attack-to-hit-victims-in-australia-government-says/8526346

Ian Raper, Regional Vice President – ANZ, Palo Alto Networks