Story image

How to scrutinise business partners' security - especially if they're financial firms

22 Aug 2017

Organisations may be taking a good look at their own cybersecurity strategies, but still put too much trust in other organisations and their security, according to Aleron.

The company says that financial organisations are most at risk because they are an attractive target for cybercriminals. Although they are starting to pay closer attention to their partners’ security postures, more needs to be done to ensure the right cybersecurity measures are in place.

Aleron’s director Alex Morkos says that banks are the most attractive targets.

“Australian financial institutions are generally very secure but, if the businesses they partner with or purchase from aren’t similarly secure, it could create opportunities for cyber attackers to gain access.” “Smaller organisations often don’t have the same stringent security measures as their larger counterparts, whether because they don’t have the resources or because they think their smaller size makes them a less attractive target. But a smaller company that does business with a bank is a perfect target for an ambitious hacker,” Morkos adds. “Banks are therefore increasingly demanding that the organisations they work with validate their security efforts. Smaller organisations looking to work with Australian financial institutions need to ensure they have the right security measures in place to ensure successful engagements and ongoing working relationships.” 

Aleron says that businesses who work with financial institutions should assess their security measures. It may be a daunting process for small businesses that may never have undergone such a rigorous security posture analysis.

Aleron provides three key steps to approaching potential partners

1.  Know and clearly define your cybersecurity and risk posture.  You should consider the key cyber assets in the business and what parts of the business could put others at risk if cybercriminals gained access.  2.  Find the security gaps within your risk posture and plan to address them.  It’s important to have a planned mitigation roadmap that takes all variables into consideration, rather than a reactive, tactical solution that may risk other parts of the business. Having completed step one, defining your cybersecurity and risk posture, you can quickly identify which gaps you don’t need mitigate.  3.  Appropriately budget.  Business leaders should ensure they have properly budgeted for any mitigation plans and have demonstrable governance to ensure these plans are appropriately delivered.  “Smaller organisations looking to engage with financial institutions should seek advice and input from an experienced, trusted partner to help them ensure their security posture is strong, as well as help them understand the process of working with these large organisations,” Morkos concludes.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.