Cybersecurity measures aren’t enough to stem the wave of breaches

21 Jan 2019

Article by Tenable A/NZ country manager Bede Hackney.

2018 was a milestone year for data security and privacy. The rollout of legislative frameworks, such as the Notifiable Data Breach Scheme and the General Data Protection Regulation, brought to light the endless wave of cyber attacks confronting businesses every day. 

A recent report by the Ponemon Institute on behalf of Tenable found that 60% of organisations represented in the study say they have suffered two or more business-disrupting cyber events in the last 24 months alone. More than 2,400 IT and IT security practitioners in the US, UK, Germany, Australia, Mexico and Japan were surveyed.
In tandem with this, the Office of the Australian Information Commissioner revealed over 245 breaches were reported from July to September, signaling current security approaches are failing to keep pace with the surge of attacks.

The unfortunate reality is that the majority of Australian businesses aren’t able to quantify the business cost of this cyber risk, relying on outdated metrics which leave them exposed.

It’s high time to shore up measurement

With cyber security increasingly being elevated to the C-level, it is imperative that your plan is presented and endorsed by the C-suite and the board. However, less than half of Australian respondents (48%) measure and, therefore, understand what cyber risks are costing their organisations, leaving the C-suite and board confused about how to navigate risk and remediation strategies.

Traditional KPIs for evaluating business risks are insufficient for understanding cyber risk, as they fail to factor in the business cost, lack strategic direction and don’t offer any insight as to how businesses prioritise risk. This is hindering the ability of CISOs to make informed decisions about the allocation of resources, leaving businesses vulnerable.

While most organisations are aware of the more important KPIs used to measure the business impact of a cyber attack, there is a clear gap in the use and importance of non-security measures such as loss of revenue and productivity, as well as impact on share price. While conventional wisdom suggests a decline in stock price would be a major consideration in quantifying the risk of a cyber attack, it worryingly isn’t a prevalent factor for most businesses.

Ride the wave through actionable insights

In the face of a rapidly evolving attack surface, new approaches to measuring cyber risk are needed to allow businesses to accurately quantify the consequences of cyber attacks.
To fully understand your organisation's level of cyber exposure, a holistic approach is required to understand the entirety of your attack surface. This includes identifying the business operations and assets most vulnerable to cyber attacks, including OT and IoT assets.

Once you’ve got a grasp of the area you’re trying to defend and where the danger lies, detailed threat intelligence is needed to prioritise remediation efforts. As the endless wave of threats continues, security teams don’t have the resources to guess which vulnerabilities need to be remediated first.

Tenable’s recent Vulnerability Intelligence Report revealed an enterprise uncovers 870 vulnerabilities per day across 960 assets, on average. And of those, more than 100 vulnerabilities are rated as critical. There is a clear onus on CISOs to implement security strategies which allow them to understand and prioritise vulnerabilities based on their potential impact on business operations. 

Master the tides 

Cybercrime is relentless, undiminished and unlikely to stop. To keep pace, CISOs must adopt new approaches to accurately manage, measure and reduce cyber risk. Implementing a robust vulnerability management program will empower security executives to confidently visualise, analyse and measure the business cost of cyber risk. Doing so will close their cyber exposure gap and ensure they’re in the best position to stem the rising tide of data breaches. 
