Story image

Three key elements to protect Kiwi enterprises from cyber threats

13 Dec 2017

As newer and more complex technologies promise to open up a world of unparalleled growth opportunities, organisations must arm themselves with the knowledge and tools that will keep their information safe.

If businesses don’t put the right measures in place, they may be exposed to financial losses and reputational damage after just one successful breach.

The National Cyber Security Centre (NSCS) recently commissioned an independent evaluation of the potential impact of cybercrime on New Zealand businesses and found the potential cost would be around $640m annually.

Businesses today face the reality that, as soon as IT professionals develop ways to identify cyber threats, cybercriminals are looking at new ways to access systems.

With more cyber attacks occurring each day, cybercriminals are finding ways around security measures faster.

It takes just one unwary employee to divulge their password or plug in an unauthorised device, and they could fall victim to a cyber attack. This could also compromise the entire network of the business they work for, or put their own personal home network at risk.

Despite devoting more resources to cybersecurity, businesses in New Zealand remain confused about the best way to mitigate cyber threats, a reality that severely hinders their ability to lead in a digital era.

Business leaders are also finding it difficult to grow their immediate capabilities or plan long-term strategies because of fast-evolving solutions.

Organisations must remember cybersecurity is not a set-and-forget exercise. Businesses must reexamine their strategies to tackle unprecedented cyber threats.

Cybersecurity is an ongoing battle that requires constant vigilance. Organisations need to equip themselves with knowledge, experience, and tools that will keep their infrastructure, information and employees safe, as well as compliant with data and privacy regulations. 

There are three key elements for businesses to manage their cybersecurity effectively:

1. Use advanced cyber protection technology.

As computing power becomes less expensive, the cost of launching automated and sophisticated attacks decreases.

Organisations can no longer rely on traditional or legacy security technology, or manual efforts by IT teams, to detect and respond to threats. Harnessing automation and integrated intelligence can continually raise the cost of making an attack successful.

This helps to decrease the number of successful attacks.

Measures such as next-generation firewalls work to protect assets and create microsegments across the organisation, which increases visibility and decreases the threat of attacks.

In addition, organisations should establish ongoing risk-management procedures, routine self-assessments, and periodic security audits and reviews. These measures will deliver the best opportunity to protect valuable operations systems.

2. Prepare a strong prevention and mitigation plan.

Effective prevention of attacks before they happen decreases the overall attack surface and makes it much more difficult and prohibitively expensive for hackers to penetrate an organisation.

Detection technologies and incidence response have their place, but it is impossible to keep up with threats if the only answer is to clean up after the attack.

Focusing on preventions as a first step is not only possible but achievable, even against advanced attackers.

In case a cyberthreat can’t be prevented, having a strong cybersecurity response plan that clearly defines roles and responsibilities, and outlines how data can be recovered quickly in the wake of an attack is critical.

By regularly testing these plans through live drills and updating them as needed companies can avoid paralysis when an incident occurs.

Taking a proactive approach to cybersecurity means that businesses will be able to make better and faster decisions in crisis mode, build trust from customers, and be in the best position for long-term growth.

3. Take a holistic approach that includes people and processes.

The best defence against an all-encompassing threat is to put in place a consistent, overarching strategy that empowers all employees.

For an effective, preventative approach to cybersecurity, organisations must focus on the core processes based on a foundation of increased awareness, up-to-date training, and continuous learning.

Executive teams must invest in continually improving security management processes to prevent successful attacks. Many successful attacks involve poor processes or human error.

Companies must develop, communicate, and, importantly, enforce clear security policies to prevent vulnerabilities as much as possible. Providing up-to-date training and requiring employees to regularly revisit their knowledge of the cybersecurity environment is critical to a company’s security.

An effective training program reminds employees of best practices while ensuring they are aware of the latest traps to avoid. Training should also take place more frequently than once a year to prevent and mitigate successful cyber attacks.

By putting these three elements in place, businesses can reduce the risk of being attacked and avoid the costs associated with a successful attack.

Article by Ian Raper, regional vice president, ANZ, Palo Alto Networks

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."