How to create a unified approach to IT security in the workplace

Protecting your business’s data, assets and people’s privacy is critical for success in 2020, but the continued rise of cybercrime makes this task more and more difficult.

It has become vital for enterprises to adopt a unified approach to IT security in order to protect every possible intrusion point and ensure that all staff are trained and aware of their security responsibilities.

The role of IT professionals and chief information security officers has evolved to the point where creating and implementing these unified approaches has become critical, as cybercrime attacks on Australian businesses become more common.

The current state of cybersecurity threats for business

Cybercrime attacks on Australian businesses increased by 26 per cent from 2017 to 2018 according to an Accenture Cost of Cybercrime study.

The average Australian business experienced 65 security breaches in 2018—a number which is expected to have risen again in 2019.

These are the leading methods of cybercrime currently impacting Australian businesses and why they are a major threat:

  • Increased attack points: Over 80 per cent of Australian businesses have a strategic approach to cloud computing, either housing data and systems entirely in the cloud or split across both cloud services and physical servers.

    On top of this, around 25 per cent of businesses now have some kind of practice that allows for staff to bring their own device to work. This means many more access points for potential intruders and more areas that need to be secured.
  • Ransomware and malware: These methods remain the most common forms of cybercrime impacting Australian businesses, collectively making up 36 per cent of all attacks.
  • Legislation: Mandatory data breach notification has been a legislated requirement for businesses since early 2018, requiring enterprises to report any incidents that impact their clients. This can severely damage the brand and image of a business if its current and potential clients and customers lose trust.
  • More sophisticated phishing tactics: We might like to think we are awake to this tactic, dismissing emails and messages that pretend to be official (ATO, Australia Post, major banks, etc.). But the criminals are aware of this and are developing more cunning strategies that target more modern platforms like Slack and Salesforce.
  • Supply chain attacks: Third parties that have access to business systems and data are a breach point for intrusion, but only 21 per cent of Australian businesses vet suppliers to assess risk. Australia is also one of the slowest countries in the world to act on these attacks, averaging 96 hours to respond with disaster recovery.
  • AI being used as a weapon: Machine learning and artificial intelligence technologies continue to advance and become valuable tools for business. But these same technologies are being employed by cybercriminals to automate and improve their intrusion tactics.

How your enterprise can achieve a unified security solution

To ensure your organisation is well protected against cybercrime and is adopting a unified approach to IT security, there are several key steps you can follow.

The first step is to identify any barriers to a unified approach, such as IT operations spread across multiple departments and locations, and the access provided to third parties and suppliers. If these operations are not streamlined, it may not be possible to view the entire IT environment across the board, which creates vulnerabilities.

This visibility is crucial for determining which end-user devices are accessing the IT environment and for identifying potential threats before they become a major issue.

Cleaning up the IT environment will also assist in creating a unified approach. This means removing any legacy (old or obsolete) software and applications that may be unsupported, are no longer being updated and patched, and are creating security vulnerabilities.

This attack thrived on infiltrating networks that used unpatched Windows systems and operating systems that were full of legacy apps. Cleaning up the IT environment and getting rid of old and obsolete software on your servers and storage devices is vital not only for the speed and ease of use of your network but also for avoiding opening the door to cybercrime.

And finally, remember that people are a business’s strongest asset and that they are also crucial when it comes to a unified security approach.

Intrusion can come from simple errors like clicking a malicious email masked as a genuine message, connecting an unsecured device to the network or leaving passwords in a physical or digital place where they can be easily accessed by outsiders.

Creating awareness of these issues and implementing the proper, regular training for staff and third parties that access your IT environment is crucial for a successful, unified security approach.

EMPR Solutions can help you to establish a strong, unified security approach at your enterprise. Contact us on 1300 289 867 to discuss your options today.

 
