People-first approaches to managing your cybersecurity risks are vital to operating in today’s changing landscape. The Telstra Cyber Security Report 2017: Managing Risk in a Digital World, sets out the risks organisations face and offers guidance on managing those risks.
To help manage risk, Telstra has developed the “Five Knows of Cyber Security” – five simple questions for leaders to ask of their organisation. These questions shift the conversation from one that is purely technical to one that engages the entire C-suite.
- Know the value of your data
- Know who has access to your data
- Know where your data is
- Know who is protecting your data
- Know how well your data is protected
However, even businesses that have had consistent executive engagement in the past will need to reappraise their approach to cyber security.
“Companies need to progress from layering security controls on top of their technology architectures and business and commercial processes, to embedding cyber security and integrating it into their business model,” the report explains.
“The key is to integrate cyber resilience into enterprise-wide management and governance processes.
“The companies that do this most aggressively will not only reduce their risk, but also increase their operating efficiency and improve their value proposition with customers.”
Ensuring deep organisational compliance
The threat of cyber attacks is neither theoretical nor limited to companies of any particular size or industry. More Australian organisations of all kinds are experiencing cyber attacks than ever before.
The heightened awareness of cyber security breaches and their impact on business have led to CEOs taking a more prominent role in cyber security. However, the report urges deeper security engagement across the business.
Sales, marketing, HR, internal auditing and legal affairs teams are often the most deeply engaged with an organisation’s data but generally have limited direct involvement with security initiatives.
“This demonstrates the need to improve communications and engagement across the silos within the business to ensure that the right business and security engagements are in place,” the report urges.
The report also recommends cyber security awareness training for staff and developing and enforcing social media and email handling policies within the organisation.
“The risks associated with staff and contractors using email or social media cannot be underestimated, where private and sensitive company information may be exposed due to malware infections or shared inappropriately,” the report says.
Security in a ‘perimeter-less’ world
Today’s organisations live in a ‘perimeter-less’ world. Those clearly defined physical boundaries in which IT infrastructure was housed have been pushed out, blurred, transformed and in some cases erased. It is critical that as a first step, organisations need to gain visibility of their assets.
The rapid adoption of cloud services, while delivering considerable agility and portability, presents security challenges. More than half of Australian organisations that have adopted cloud services consider data theft their number-one risk.
Mobile malware is expected to take over traditional malware as the popularity of mobile devices increases. Traffic from wireless and mobile devices is expected to account for 66 per cent of total internet protocol traffic by 2020.
The rise of mobile applications and cloud-based environments also mean there is a heightened risk of malware spreading throughout an organisation’s IT environment from sources not directly managed by the IT department.
Given the multiplicity of threats and the emergence of new vulnerabilities, the question is how to know and prioritise addressing vulnerabilities.
Regular testing and review of incident-response plans are recommended to reduce recovery times and the impact to business continuity.
When conducting business in the digitised world, integrating cyber-resilience into all aspects of the organisation and connected third-parties is imperative.
“Cyber security is everyone’s responsibility and it needs to be built into the DNA of the organisation,” the report concludes.
“How well organisations respond to this challenge may well be an indicator of how successful they will be in the future.”
Learn how to proactively defend your business, brand, infrastructure and information assets against internal and external threats, with the Telstra Cyber Security Report 2017.Learn more
*Telstra Cyber Security Report 2017: Managing Risk in a Digital World