
ANZ businesses need to reconsider security approach

Businesses across Australia and New Zealand are focusing on the wrong things when it comes to cyber security, according to Palo Alto Networks, which says they often measure their success by the number of threats, what was detected, and the severity of those attacks, when planning and prevention is the key.

“When it comes to analysing how vulnerable your organisation is to cyberattacks, businesses should be looking at what the value of their data is, where it is and whether it is protected adequately,” explains Sean Duca, vice president and chief security officer, Asia Pacific, Palo Alto Networks.

“Planning and prevention is the key. Businesses need to measure what they can control, such as threats and vulnerabilities,” he says.

“Businesses are also taking too long to find cyberattackers. For some companies it can take up to 227 days to realise a threat has happened,” Duca says.

“Businesses are failing to understand the motivation of cyber attackers. The key motivators include espionage, financial gain, hacktivism, mischief, and terrorism. Once you know what is of value to you, consider what would motivate an attacker to get to your data,” he explains.

“You can then clearly see what and how it needs to be protected.” 

Palo Alto Networks has identified five key questions businesses should ask themselves:

What is the value of your data? Knowing what data is valuable to your organisation lets you determine the right process and control around it.

Where is your sensitive data? Many organisations struggle to answer this question, which can lead to misappropriation of resources. Security controls can end up being used broadly across the entire organisation. This can result in increased costs to acquire and utilise those tools. Strategically applying the appropriate controls reduces the risk and cost to a business.

Who among our employees has access to our sensitive data? Simply knowing who has access to a document or file server stops short of understanding when it’s accessed. It’s important to know what information is stored where, how easily people can access it, and what security or authentication measures are in place.

When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)? Not all information needs to be kept indefinitely and, for information that does, businesses should audit its use and access. Shrinking the sensitive data footprint of an organisation can reduce the cost of protecting it.

How likely is it to be leaked if we were hacked? Measuring the risk associated with keeping sensitive data will let the CISO implement processes and technologies that will reduce both the risk and the cost associated with protecting sensitive data.

“Understanding what needs to be protected and why is critical to keeping security costs down and ensuring resources aren’t spread too thin,” Duca says.

“Businesses should periodically review their security posture with these five questions in mind to make sure they’re focusing on the right things.”   
