
Three ways to proactively manage cybersecurity for Aussie businesses

02 Oct 17

Article by Simon Eid, Splunk A/NZ Area Vice President

There’s no guarantee your business will never be hacked. Organisations around the world have been impacted by the WannaCry ransomware, which encrypted files and left Australian organisations immobilised. Shortly after this, cyber threats were again in the news as WannaCry’s evil twin brother, Petya, had a large impact in Australia, bringing down Cadbury’s chocolate factory in Hobart, Tasmania, as well as law firm DLA Piper Ltd.

These examples, along with the fact that almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis, underscore the urgency for cybersecurity to be approached from a business perspective. It’s no longer just an IT security system admin problem, focused on installing and configuring new network firewalls and deploying endpoint protection solutions.

This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner. For example, those organisations that ‘simply’ kept their systems up to date with the latest patches were resilient against the WannaCry ransomware. Organisations that actively manage security are well positioned to mitigate damage and recover quickly. Here are three practical tips on how to do just that.

Maintain basic security hygiene

A data-driven security strategy underpinned by machine data is the foundation required to support cybersecurity initiatives. From monitoring whether basic security hygiene is being maintained to identifying weak areas that no one is looking after, a security information and event management (SIEM) solution is a good choice.

It’ll aggregate information and let you run regular reports to determine which systems are patched, provide information from vulnerability scanners, and update you on the status of endpoint protection solutions. A SIEM will also alert you to any notable security anomaly, such as a virus or other anomaly on a system. Another example might be a highly vulnerable, unpatched network in which a system suddenly performs a network discovery scan. This suspicious activity should ring alarm bells.
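The unpatched-network-plus-discovery-scan scenario above, as an added example (not from the original article and not any vendor's product logic): Python detection over constructed connection records, correlated with a constructed patch inventory. The record layout, thresholds and IP addresses are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: (epoch_seconds, src_ip, dst_ip, dst_port)
EVENTS = (
    [(1000 + i, "10.0.0.23", f"10.0.1.{i}", 445) for i in range(1, 41)]  # sweep
    + [(1005, "10.0.0.7", "10.0.1.10", 443),
       (1300, "10.0.0.7", "10.0.1.11", 443),
       (2000, "10.0.0.7", "10.0.1.12", 443)]                             # normal client
)
# Constructed patch inventory, as a vulnerability scanner report might provide it.
UNPATCHED = {"10.0.1.5", "10.0.1.17", "10.0.1.200"}


def find_discovery_scans(events, window_s=60, min_targets=20):
    """Return {src: set(dst)} for sources that contacted at least
    min_targets distinct destinations within any window_s-second window."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    flagged = {}
    for ts, src, dst, _port in sorted(events):
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window_s:   # drop entries older than the window
            q.popleft()
        targets = {d for _, d in q}
        if len(targets) >= min_targets:
            flagged.setdefault(src, set()).update(targets)
    return flagged


def prioritise(flagged, unpatched):
    """Rank scanners: 'critical' if the sweep reached unpatched hosts."""
    alerts = []
    for src, targets in sorted(flagged.items()):
        exposed = sorted(targets & unpatched)
        alerts.append({"src": src, "targets": len(targets),
                       "unpatched_reached": exposed,
                       "severity": "critical" if exposed else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in prioritise(find_discovery_scans(EVENTS), UNPATCHED):
        print(alert)
```

The join with the patch inventory is what turns a noisy "many destinations" signal into a ranked alert: the same sweep is medium severity on a fully patched segment and critical when it reaches hosts the vulnerability scanner has already marked as exposed.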

Monitor access to critical services

When it comes to user authentication, relying on the inbuilt security of Microsoft Active Directory and its lockout policies will no longer suffice. Organisations need to dive into each digital service, figure out how that service is exposed externally, understand how people log on, how they reset their passwords and how new users are created. Then, identify the machine-generated data required to get those insights. Leveraging these data-driven insights is key to proactively detecting any outliers.

Define an incident response process and team

WannaCry and Petya point to the increasing trend that it’s not a matter of if your business will be hacked, it’s a matter of when. You need to think ahead about the organisational process: which people you need to involve to take action, who can help answer questions about what happened, what needs to be done to stop it, and who was impacted.

You need to make decisions about taking services offline, notifying the authorities or communicating to the media. This exercise goes beyond the IT security system admin role. Mature organisations already have crisis planning for ‘cyber risks’ included within operational planning.

The designated team is tasked with finding answers to all the questions about the breach. This information can usually be found in machine-generated data – which should be stored in a centralised platform, where the team can ask any question in a flexible way. With a scalable process, you can overcome any technical bottlenecks that may evolve during a crisis.

As IT security threats continue to evolve, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target. With recent security breaches in mind, Australian companies need to adopt this mindset sooner rather than later.
