
Security incident preparedness within reach of NZ businesses

15 Aug 18

A recent study suggesting New Zealand companies are falling behind the global digital transformation curve because of risk aversion and a growing gap in incident response preparedness may have come as a disappointment to the country’s leaders in digital security and IT. However, these issues are very familiar to companies around the world that have faced similar growing pains in recent years.

Fortunately, New Zealand’s business community is in a prime position to learn from those who have already overcome these challenges to balance risk with innovation efforts and propel the country ahead of the digital transformation curve.

While minimising security risk presents an ongoing balancing act for the IT suite as new technologies are introduced to market, ensuring a thorough incident response plan is in place will help secure support for new technologies, address concerns of regulatory agencies, and protect companies’ reputations in the event a vulnerability is exploited.

Today there are more than 25,000 different types of smartphones on the market, along with hundreds of connected technologies commonly implemented in offices, manufacturing plants, and other business environments. Each piece of hardware is tied together by one or more networks which may also include any mix of the hundreds of cloud storage and data management providers.

With so many components to consider – each one presenting unique opportunities for data or network access to fall into the wrong hands – it’s no wonder so many executives prefer to remain more safe than sorry when considering digitisation of processes or customer experiences. But, as with any big challenge, breaking down the roadmap into a few attainable goals can quickly set you on a path to success.

Determine which technologies are accessing your network

To properly respond to an incident, it is important you have a clear idea of how someone may gain access to a network. Are employees allowed to access the corporate email server with smartphones? Are they using cloud storage services such as Dropbox or Google Drive to manage documents?

These technologies offer enormous efficiencies in managing a business, but also allow for one text message, email, or copy/paste to result in a security incident or data breach with significant repercussions. However, because the value these technologies add to businesses largely outweighs the risk, allowing employees to access networks using these technologies may be justifiable and should be appropriately addressed in the incident response plan.

By gaining a clear picture of which technologies are currently accessing a network, IT leaders can determine the mix of vendors, policies, and risk components to address while considering how potential digitisation efforts impact, change, or add to the risk model.

Identify the right set of incident response tools

Incident response practices are as old as network technologies, which means many tools, processes, and vendors may no longer meet modern needs. As the number of device models on the market has increased exponentially, so has the number of devices each individual employee uses in the workplace. In fact, the average company network may have twice as many mobile devices as laptops or PCs, creating a very different risk profile than what may have been common 10 years ago.

When evaluating the right mix of tools, IT leaders should be wary of any platforms claiming to be a one-stop shop covering every type of technology. Mobile operating system developers continually push new versions, updates, and fixes to devices, creating an ever-changing and dynamic challenge for these providers to maintain support.

Although no single tool will meet all needs, businesses should consider partnering with providers that have demonstrated long-term and substantial expertise in the technologies specific to the network. This may require adopting a mobile- or IoT-first approach to the incident response plan, as opposed to the desktop- and data centre-first schemes from the past decade.

Update data governance and employee policies

With a clear picture of the risk profile and the right portfolio of incident response tools in place, implementing a new plan is as simple as updating corporate policies.

IT leaders should be sure to address data governance procedures clearly stating how employees and technologies may and may not handle, store, and transmit sensitive information. Additionally, these policies should outline the permissions and procedures of the company in the event of a security incident.

Should an incident involve employee-owned devices such as smartphones, tablets, or home computers, the company may need an employee agreement in place to allow for the examination of these devices as part of an investigation.

With these components in place, New Zealand’s business leaders will be well prepared to address security risks resulting from digitisation efforts, tackle security incident investigations quickly and efficiently, and propel the country into the modern digital business era.

Article by Oxygen Forensics chief operating officer, Lee Reiber.
