Security threats have become a major issue for many organisations with the potential for a catastrophic impact to business on a number of levels. In addition, there are now significant penalties for data breaches in Australia as a result of new privacy legislation introduced last year.
The perception often exists that the biggest threat to an organisation is external, however, it’s almost always internal inadvertent causes that are related to an external targeted attack that pose the greatest problems. A user visits a compromised website and downloads a ‘codec’ to watch a video. A user opens a suspicious attachment. A user runs P2P and downloads malware. A user mistypes an email address and sends the payroll data or credit card details to the wrong person. Remote Desktop is exposed directly to the internet and hackers exploit it.
Security is not simply a case of better technology, it requires investment in processes and staff training. Users, for example, need to be educated and made aware of what a suspicious email looks like. In small-to-medium enterprises there is often a general lack of specific security skills and processes, and we see that most breaches are often the result of a simple firewall misconfiguration.
Without an effective and properly configured security solution in place, these attacks will always take place. How many CryptoLocker infections could have been prevented simply by following best practice and not allowing executable files over email? Answer: All of them! How many organisations have the ability to enforce such best practice? Not nearly enough!
To minimise data theft and counteract threats, end user organisations need to pay attention to their systems, reporting, logs and alerts. Most Unified Threat Management solutions now provide some accidental Data Loss Protection. Some include specific signatures for Australia and New Zealand to avoid false positives. In addition, if a company doesn’t have the internal expertise in security, there are lots of companies that can help on a contract basis. I see questions posted on online forums all the time related to specific security solutions that would be best answered by a security vendor. If the vendor doesn’t have a good forum or knowledgebase, it’s best to get another vendor.
Increased security threats have made organisational resilience critical and companies now need to ensure they include resilience and security as part of any risk assessment and risk reduction they undertake. If unacceptable risk is identified in terms of systems availability, whether on premise or in the cloud, then it needs to be reduced through duplication, protection, additional security and education.
Every organisation should have a disaster recovery plan which should be able to leverage actions taken within a resilience plan. With the notions of duplication, protection, additional security and education, EVERY staff member should know how to access resources and data critical to their job function in a variety of ways. Experience tells us that when a disaster recovery/business continuity plan relies on very detailed knowledge and planning by a very small number of people, there is considerable risk.
It lies with organisations today to appoint security vendors who will work with them to help protect their business against threats, not only by providing security solutions, but also by educating and improving knowledge and awareness of security by employees. Organisational resilience at all levels is the best investment and defence that a business can adopt to keep its business safe.
About the Author:
David Higgins was appointed WatchGuard Technologies’ ANZ Country Manager in 2014 and is responsible for managing the company’s market presence in Australia and New Zealand, overseeing new revenue opportunities, and managing local customer and partner relationships. He has more than 30 years’ experience in the IT industry in both direct sales and channel development for organisations including Trend Micro, Sophos, 3Com, ASK Solutions, Tech Pacific Australia and NEC Australia.