Australia under Cyber Attack - A timely reminder to embed trust and security company-wide

This morning Australian Businesses, Government departments and citizens awoke to Prime Minister, Scott Morrison and Defence Ministers, Linda Reynolds alerting us to a sophisticated state-based cyber-security business targeting government, businesses, and other broader institutions.

The Prime Minister would not be drawn on where the attack(s) have originated from, that remains to be seen and no doubt will become apparent in due time.

As businesses and governments, state and federal, scramble to assess, respond, and even recover from what appears to be an ongoing and far-reaching attack(s). This serves as a timely reminder for us to remain ever vigilant as the pandemic leaves us potentially more exposed than ever.

Although, 83% of Australian CISOs told ADAPT at last year's CISO Edge they believe their ability to deal with security threats has improved in the past 12 months the world of cybersecurity has never been so vulnerable.

Identity theft, malicious insider attack, Malware, cloud security breach, and social engineering led attacks were highlighted as major threats,

State-sponsored cyber-attacks ranked low as a concern, coming in at number seven as illustrated in the accompanying graphic, potentially leaving many organisations unprepared for what is currently transpiring. Exacerbated by the need to maintain BAU in the face of COVID-19 and the disruption that brought.

As most breaches occur due to human error and/or lack of awareness, we should always be focussing on embedding trust and security, principles, policies, and capabilities across all levels of the organisation and our people.

ADAPT has been advising our customers across Australia and New Zealand to help our employees take a whole of life approach to security where actions at work and at home are not mutually exclusive.

Below are some timely reminders as the importance of embedding trust and security across every layer of our businesses.

EMBED TRUST AND SECURITY

 What does it mean?

The new world will be built on the foundation of autonomous systems that will track and analyse the behaviour of humans and machines making decisions based on desired outcomes. These systems will have continuous access to personal data and hence be highly attractive for attacks. Security will be a core component of brand trust and differentiation.

Security models were designed to protect the traditional perimeter assuming everything within the organisation’s network can be trusted. However, this assumption fails in the new IT architecture design where mission-critical workloads are being moved to the cloud, contractors are developing applications; and gig workers and new generation workers prefer using non-corporate assets.

Organisations need to understand the new security perimeter and vulnerabilities associated with them. ADAPT defines the new perimeter as a unified set of People, IT Infrastructure, Network and Data – Read https://adapt.com.au/architecting-a-secure-and-resilient-organisation-an-adapt-deep-dive

 What are the key components?

ADAPT has identified three key components that executives should focus on, to embed trust and security.

 People as first line of defence

People are the weakest link within the security perimeter of an organisation. This includes – diverse workforce, gig workers, and partner ecosystems. As more work moves to a digital environment with a workforce that is not aware of the complexities of a digital workplace, it is more difficult to secure physical as well as digital assets. Apart from creating transparent security policies, organisations need to create robust and engaging security awareness programs that continually builds a ‘security first’ mindset within and outside the organisation.

Create secure infrastructure

Emerging technologies such as Artificial Intelligence, IoT, 5G and Edge Computing will provide a robust, quick, and large attack surface to hackers. Machine learning and AI are being used to create highly sophisticated attacks. Current solutions built on past principles and legacy mindsets will be insufficient in detecting, managing, and containing these attacks. ADAPT recommends having a phased approach to security technology implementation broadly categorised into – Awareness, Access, Threat Intelligence, Perimeter Security, and Next-generation Security.

Organisation and brand protection

Security will be a core component of brand trust and differentiation. Customers will actively avoid brands and organisations that have questionable values and trust levels. Given that today’s security measures struggle to prevent data and privacy attacks in the current world, these future environments will demand new approaches and awareness initiatives that incorporate whole-of-life, company, cross-industry, and government strategies.

Now more than ever, Business executives must take a cross-functional approach, which will shift the security conversation from metrics-driven reporting to value creation and trust-building based on the whole of life principles of security