Businesses across Australia and New Zealand are focusing on the wrong things when it comes to cyber security, according to Palo Alto Networks, who says they often focus on measuring their success on the number of threats, what was detected, and the severity of those attacks, when planning and prevention is the key.
When it comes to analysing how vulnerable your organisation is to cyberattacks, businesses should be looking at what the value of their data is, where it is and whether it is protected adequately,” explains Sean Duca, vice president and chief security officer, Asia Pacific, Palo Alto Networks.
“Planning and prevention is the key. Businesses need to measure what they can control, such as threats and vulnerabilities,” he says.
“Businesses are also taking too long to find cyberattackers. For some companies it can take up to 227 days to realise a threat has happened,” Duca say.
“Businesses are failing to understand the motivation of cyber attackers. The key motivators include espionage, financial gain, hacktivism, mischief, and terrorism. Once you know what is of value to you, consider what would motivate an attacker to get to your data,” he explains.
“You can then clearly see what and how it needs to be protected.”
Palo Alto Networks has identified five key questions businesses should ask themselves:
What is the value of your data? Knowing what data is valuable to your organisation lets you determine the right process and control around it.
Where is your sensitive data? Many organisations struggle to answer this question, which can lead to misappropriation of resources. Security controls can end up being used broadly across the entire organisation. This can result in increased costs to acquire and utilise those tools. Strategically applying the appropriate controls reduces the risk and cost to a business.
Who among our employees has access to our sensitive data? Simply knowing who has access to a document or file server stops short of understanding when it’s accessed. It’s important to know what information is stored where, how easily people can access it, and what security or authentication measures are in place.
When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)? Not all information needs to be kept indefinitely and, for information that does, businesses should audit its use and access. Shrinking the sensitive data footprint of an organisation can reduce the cost of protecting it.
How likely is it to be leaked if we were hacked? Measuring the risk associated with keeping sensitive data will let the CISO implement processes and technologies that will both reduce both the risk and the cost associated with protecting sensitive data.
“Understanding what needs to be protected and why is critical to keeping security costs down and ensuring resources aren’t spread too thin,” Duca says.
“Businesses should periodically review their security posture with these five questions in mind to make sure they’re focusing on the right things.”