Cyber crime has been on the rise in Australia and New Zealand, and is likely to continue. Between July 2015 and June 2016, Australia’s Computer Emergency Response Team (CERT Australia) responded to 14,804 cyber security incidents affecting Australian businesses.
Of these, 418 involved systems of national interest and critical infrastructure. Preventing such attacks is vital to an organisation’s success and to the overall health of Australia and New Zealand’s information economy.
However, it does not look like the number of cyber threats is going to let up this year. The expansion of the Internet of Things (IoT), the proliferation of connected devices and the growth of cloud computing all mean that an organisation’s ‘attack surfaces’ are growing. The more interconnected an organisation is within cyberspace, the greater the attack surface it presents to a cyber actor.
Too often, security operations lack sufficient rigour and consistency, and key people are unaware of their organisation’s vulnerabilities. Organisations might employ a range of ad hoc processes and capabilities that offer varying levels of effectiveness. In addition, many fail to practise good enterprise-wide ‘security hygiene’ – including basics such as access control, two-factor authentication, rigorous vulnerability management and password policy compliance. For many businesses, security is often an afterthought.
Australian and New Zealand businesses must protect themselves by developing comprehensive cyber defence strategies. Achieving best-practice operational effectiveness can deliver a wide array of security-related benefits, ranging from fewer successful incursions to faster response times and quicker recoveries when attackers do hit.
In 2017, Australian and New Zealand organisations can take a number of steps to improve their security operations:
- Invest in talent where it makes sense - In the current high-turnover environment, firms often expose themselves by having only one person responsible for a security area, such as malware reverse engineering or incident response. If that person leaves, all the knowledge goes with them. Organisations need to create new value propositions that go beyond compensation, such as providing access to cutting-edge tools, training, and peer and industry knowledge sharing. Other incentives include the chance to participate in conferences and opportunities to innovate by adapting tools and technologies to new applications.
- Automate intelligently - Good security organisations are relying less on ‘eyes on glass’ by automating monitoring tasks, and introducing security analytics. This can help them deal with basic threats like ‘spear phishing’, where the attacker personalises emails sent to recipients. Currently, most organisations do this work manually. However, with the rapidly increasing volumes of security data, organisations must scale their responses appropriately using automation to eliminate the ‘noise’ in security.
- Contextualise the collected threat data - Organisations must determine whether the security team understands enough about specific assets to contextualise threat data effectively. For example, as the business expands, security needs to know what to look for in the threat feeds and how it ties to the growing attack surface.
- Know what you don’t know - Identify the types of questions that the security team can’t answer with its current capabilities, and then pinpoint the data needed to operate effective analytics and provide clarity. The organisation may not be asking the right questions, or may not have the visibility to see the required data. It’s particularly important to address this issue given the rapidly expanding digital attack surfaces the organisation needs to cover with the growth of cloud and other network elements.
- Invest in a highly efficient operating model - Several models align IT services with the needs of an organisation’s business side, providing a touchpoint for developing effective security operating strategies. Given the near-constant rate of change of IT, as organisations integrate massive new cloud and IoT assets into their networks, they need to manage the evolving role of the security team. Factors to consider include risk management, business liaisons, the use of ‘hunting teams’ and staff job rotations.
- Find a sparring partner - The sparring partner needs to apply all of the attacker’s creativity and intent to ensure that the company’s security innovations keep pace with the latest and growing hacker advances. That means engaging all of the business stakeholders: insurance, risk management, marketing and communications, legal staff, the fraud team, and so on. Done right, the sparring partner approach replicates real-world attacks to a far greater degree than is possible by running tabletop exercises, working through compliance checklists or conducting an annual penetration test.
By following specific steps to improve their security operations and establish an effective operational model, Australian and New Zealand organisations can protect their data, their customers and their future.
Joshua Kennedy-White is the Managing Director for Accenture Security in Asia Pacific.