
ANZ businesses need to reconsider security approach

29 Jun 2016

Businesses across Australia and New Zealand are focusing on the wrong things when it comes to cyber security, according to Palo Alto Networks, which says they often measure their success by the number of threats, what was detected, and the severity of those attacks, when planning and prevention is the key.

“When it comes to analysing how vulnerable your organisation is to cyberattacks, businesses should be looking at what the value of their data is, where it is and whether it is protected adequately,” explains Sean Duca, vice president and chief security officer, Asia Pacific, Palo Alto Networks.

“Planning and prevention is the key. Businesses need to measure what they can control, such as threats and vulnerabilities,” he says.

“Businesses are also taking too long to find cyberattackers. For some companies it can take up to 227 days to realise a threat has happened,” Duca says.

“Businesses are failing to understand the motivation of cyber attackers. The key motivators include espionage, financial gain, hacktivism, mischief, and terrorism. Once you know what is of value to you, consider what would motivate an attacker to get to your data,” he explains.

“You can then clearly see what and how it needs to be protected.” 

Palo Alto Networks has identified five key questions businesses should ask themselves: 

What is the value of your data? Knowing what data is valuable to your organisation lets you determine the right process and control around it. 

Where is your sensitive data? Many organisations struggle to answer this question, which can lead to misappropriation of resources. Security controls can end up being used broadly across the entire organisation. This can result in increased costs to acquire and utilise those tools. Strategically applying the appropriate controls reduces the risk and cost to a business. 

Who among our employees has access to our sensitive data? Simply knowing who has access to a document or file server stops short of understanding when it’s accessed. It’s important to know what information is stored where, how easily people can access it, and what security or authentication measures are in place. 

When has the sensitive data most recently been audited for obsolescence, necessity, access control, and governance (ownership)? Not all information needs to be kept indefinitely and, for information that does, businesses should audit its use and access. Shrinking the sensitive data footprint of an organisation can reduce the cost of protecting it. 

How likely is it to be leaked if we were hacked? Measuring the risk associated with keeping sensitive data will let the CISO implement processes and technologies that will reduce both the risk and the cost associated with protecting sensitive data.

“Understanding what needs to be protected and why is critical to keeping security costs down and ensuring resources aren’t spread too thin,” Duca says.

“Businesses should periodically review their security posture with these five questions in mind to make sure they’re focusing on the right things.” 
 
