Why the employee factor in IT security is vital to protecting your company’s data
We live in a time when terms like phishing, ransomware, viruses and worms are part of the everyday lexicon, and not only among IT professionals. Cyber attacks in Australia are accelerating, with the state of the nation's cybersecurity coming under greater scrutiny.
Millions of Australians have been impacted by several high-profile incidents, Optus and Medibank to name just two, which have exposed their customers' personal data to hackers. While the federal government continues to take active steps towards revamping privacy rules and imposing greater penalties, analysts have described the recent incidents as a hacking frenzy, not helped by the current cybersecurity skills shortage.
But is the state of cybersecurity in Australia really that bad? To me, the answer is definitely no.
What we are seeing today is a challenge that has been with us for far too long. For businesses, governments and individuals, cyber breaches are inevitable in spite of best-laid plans.
In my observations, a fundamental issue here has been the treatment of cybersecurity as solely an IT function and responsibility. Historically, this may have been accurate; but as more transactions are conducted online, issues surrounding the protection of data and personally identifiable information (PII) are really a wider business problem.
Business development short-cuts lead to long-term cybersecurity headaches
A common dilemma we have encountered is when businesses hastily sign off on the development of new applications or customer service products, overlooking PII vulnerabilities. This pressure to cut corners might seem unlikely to end up as a breach at the time, but when it does, the consequences are severe. The Optus and Medibank breaches are cases in point, where the number of accounts hit was reportedly equivalent to 56% of the population.
When I see leaks that come from testing or development environments with access to production data that's not been scrubbed of PII, it usually means a short-cut has been taken due to the timeframe for delivery or the budget. Admittedly, some people do ask: is it not the responsibility of the Security Operations Centre (SOC) to identify unauthorised access to these environments? It's a valid query, and it highlights yet more challenges faced by cybersecurity teams.
Firstly, lateral movement and unauthorised access are very difficult to identify in the modern enterprise network. This is because most SOCs are inundated with security alerts at a rate at which they can't quickly pinpoint which one is an actual cyber attack or breach. This is something I hear from CISOs all the time, and the problem is only getting worse.
Add to this the other massive challenge of an undersized cybersecurity workforce. Our own research among Australian security leaders has revealed that over 96% of employees in ANZ organisations are facing increased pressure to keep their organisation safe; additionally, 52% of Australians and 48% in New Zealand say they are in constant fire-fighting mode, leading to greater anxiety. The immense remote worker mobilisation during COVID lockdowns also led to the acceleration of cloud-based services, widening the attack surface as threat actors became increasingly familiar with environments such as AWS, Azure and Google Cloud.
Nonetheless, the deeper PII challenge still remains the prioritisation of revenue vs cybersecurity. IT teams and developers are remarkably skilled at deploying infrastructure and developing code faster than ever. But this is also leading to security blind spots that burden overstretched IT security teams and resources. It's important to know what is malicious by analysing detection patterns unique to your environment, to surface relevant events and reduce blind spots and noise.
Caring about protecting PII
Security breaches will continue to make headlines as hackers find new ways of exploiting critical assets inside an organisation. It's widely understood that data is the new gold for malicious actors, and PII that is not publicly available is the ultimate jackpot. When left unsecured, sensitive PII such as tax records, employee payroll or insurance details can be exploited in a number of ways, including ransomware and phishing attempts for criminal financial gain.
Organisations need to think like a hacker to go beyond signatures and anomalies, to understand attacker behaviour and zero in on attacker TTPs across the cyber kill chain. That's why organisations like our customer Churches of Christ in Queensland are deploying more advanced data protection and threat detection capabilities, leveraging AI and machine learning, to safeguard volumes of confidential information.
Ultimately, for security decision makers today, it's about focusing on what's urgent by having a view of threats by severity and impact, which enables analysts to focus on responding to the most critical threats to reduce business risk.
So what can businesses do to protect their PII? Here are my top tips:
- Defending your organisation against PII breaches is a collective business responsibility, not just an IT concern. Ensure that employees are aware of and sensitised to their responsibilities in protecting their own and the company's data.
- Accept that a data breach is likely and attackers can gain access to systems, but make sure you can identify issues and act immediately. Adopting metrics such as mean time to detection and mean time to remediation can quickly provide the SOC with insights, such as which security tools may not be very responsive at the time of an attack, and help redesign strategy.
- Look beyond Data Loss Prevention solutions, as these don't solve every cybersecurity issue. Adopt holistic security measures that provide visibility of the entire enterprise, including on-premises, SaaS, IaaS and PaaS, to ensure you can view lateral movement between environments and within tool sets.
- Use AI-driven Attack Signal Intelligence to prioritise real threats, not just simple anomaly detection. Intelligent threat detection technology helps cyber teams think like an attacker, going beyond signatures and anomalies to understand attacker behaviour and analyse detection patterns unique to your environment. AI-driven prioritisation also helps reduce alert noise, so security teams focus on threats by severity.
- Lastly, but most importantly, is the ability to respond within all these environments in the event of an attack. Detection is useless without response; ensure the business continuously works with cybersecurity teams so that the right skills are in place to prevent colossal damage.
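The second tip above suggests tracking mean time to detection and mean time to remediation and using them to spot tools that are slow to raise the alarm. As an added illustration, not code from the author or from any product mentioned on the page, the block below computes both metrics over a constructed set of incident records and flags detecting tools whose average detection delay exceeds an assumed 24-hour threshold; the record fields, tool names and threshold are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean


@dataclass
class Incident:
    incident_id: str
    detected_by: str          # tool that raised the first alert the SOC acted on
    occurred_at: datetime     # earliest attacker activity found by the investigation
    detected_at: datetime     # time of the first actioned alert
    remediated_at: datetime   # time containment/remediation was confirmed


def mttd_hours(incidents):
    """Mean time to detection: occurrence -> first actioned alert, in hours."""
    return mean((i.detected_at - i.occurred_at).total_seconds() / 3600 for i in incidents)


def mttr_hours(incidents):
    """Mean time to remediation: first actioned alert -> remediation, in hours."""
    return mean((i.remediated_at - i.detected_at).total_seconds() / 3600 for i in incidents)


def mttd_by_tool(incidents):
    """Per-tool MTTD, so an unresponsive tool stands out from the fleet average."""
    groups = {}
    for i in incidents:
        groups.setdefault(i.detected_by, []).append(i)
    return {tool: round(mttd_hours(group), 2) for tool, group in groups.items()}


def slow_tools(incidents, max_mttd_hours=24.0):
    """Tools whose average detection delay exceeds the (assumed) SLO, sorted by name."""
    return sorted(t for t, v in mttd_by_tool(incidents).items() if v > max_mttd_hours)


def _ts(s):
    return datetime.fromisoformat(s)


# Constructed sample incidents (hypothetical tool names: edr, dlp, ndr).
SAMPLE = [
    Incident("INC-1", "edr", _ts("2024-03-01T02:00"), _ts("2024-03-01T03:00"), _ts("2024-03-01T07:00")),
    Incident("INC-2", "edr", _ts("2024-03-04T10:00"), _ts("2024-03-04T13:00"), _ts("2024-03-04T19:00")),
    Incident("INC-3", "dlp", _ts("2024-03-07T08:00"), _ts("2024-03-10T08:00"), _ts("2024-03-10T20:00")),
    Incident("INC-4", "dlp", _ts("2024-03-12T00:00"), _ts("2024-03-13T12:00"), _ts("2024-03-14T00:00")),
    Incident("INC-5", "ndr", _ts("2024-03-15T09:00"), _ts("2024-03-15T09:30"), _ts("2024-03-15T12:30")),
]

if __name__ == "__main__":
    print("MTTD h:", mttd_hours(SAMPLE), "MTTR h:", mttr_hours(SAMPLE))
    print("per tool:", mttd_by_tool(SAMPLE), "slow:", slow_tools(SAMPLE))
```

The fleet-wide MTTD hides the fact that one tool averages more than two days to detection; the per-tool breakdown is what turns the metric into a redesign decision.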