Story image

How to scrutinise business partners' security - especially if they're financial firms

22 Aug 17

Organisations may be taking a good look at their own cybersecurity strategies, but still put too much trust in other organisations and their security, according to Aleron.

The company says that financial organisations are most at risk because they are an attractive target for cybercriminals. Although they are starting to pay closer attention to their partners’ security postures, more needs to be done to ensure the right cybersecurity measures are in place.

Aleron’s director Alex Morkos says that banks are the most attractive targets.

“Australian financial institutions are generally very secure but, if the businesses they partner with or purchase from aren’t similarly secure, it could create opportunities for cyber attackers to gain access.”

“Smaller organisations often don’t have the same stringent security measures as their larger counterparts, whether because they don’t have the resources or because they think their smaller size makes them a less attractive target. But a smaller company that does business with a bank is a perfect target for an ambitious hacker,” Morkos adds.

“Banks are therefore increasingly demanding that the organisations they work with validate their security efforts. Smaller organisations looking to work with Australian financial institutions need to ensure they have the right security measures in place to ensure successful engagements and ongoing working relationships.” 

Aleron says that businesses who work with financial institutions should assess their security measures. It may be a daunting process for small businesses that may never have undergone such a rigorous security posture analysis.

Aleron provides three key steps to approaching potential partners

1.  Know and clearly define your cybersecurity and risk posture. 
You should consider the key cyber assets in the business and what parts of the business could put others at risk if cybercriminals gained access. 

2.  Find the security gaps within your risk posture and plan to address them. 
It’s important to have a planned mitigation roadmap that takes all variables into consideration, rather than a reactive, tactical solution that may risk other parts of the business. Having completed step one, defining your cybersecurity and risk posture, you can quickly identify which gaps you don’t need mitigate. 

3.  Appropriately budget. 
Business leaders should ensure they have properly budgeted for any mitigation plans and have demonstrable governance to ensure these plans are appropriately delivered. 

“Smaller organisations looking to engage with financial institutions should seek advice and input from an experienced, trusted partner to help them ensure their security posture is strong, as well as help them understand the process of working with these large organisations,” Morkos concludes.

The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
New blockchain solution aims to keep our food ethical
OpenSC enables anyone to scan product QR codes which automatically takes them to information about where a specific product’s journey.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."