There is no single ‘silver bullet’ for cybersecurity. Organisations must take a holistic enterprise approach to implement a successful cybersecurity strategy to reach a state where they are sufficiently ‘cyber resilient’.
Digital World and Cyber Connectivity
In the current digital world, businesses and customers are becoming more connected via digital devices and cloud-based services. Within this environment of digital connection, cybersecurity has become a major concern for most businesses and organisations. Cybersecurity is now a key enabler to the success of this Digital Age. To deliver online customer services, companies constantly face cybersecurity-related risks and threats, ranging from data breaches to identity theft, business interruption and malicious intrusions.
The digital world continues to evolve with innovative business models for better and faster customer services using cloud-based systems and connected devices. Many businesses and enterprises have re-invented themselves by adopting digital and social media channels to serve customers in order to meet increasing demands or retain relevance. The IT industry has also embraced Cloud Computing by using Software as a Service (SaaS) or Platform as a Service (PaaS) to deliver cost reduction and time-to-market with unprecedented agility.
This digital world comes with growing challenges of cyber risks. Today’s security officers are inundated by reports about malicious activities exploiting the vulnerabilities created by our growing dependence on digital technologies. These threats and risks range from malware and ransomware to financial fraud and data theft. More serious threats involve cyber attacks such as Denial of Access. At the corporate IT network level, cybersecurity threats can originate from either external or internal sources. Recent well-known cyber breach incidents include the federal census debacle in 2016, the incident with the Bureau of Meteorology and customer data theft within David Jones. Recent cybersecurity trends from AISA statistics show:
- Increasing ransomware attacks, distributed via spam emails as attachments
- Malicious advertisements in applications and software as a service
- Phishing using publicly available personal data, combined with Business Email Compromise (BEC)
- 90% of cyber attacks involve commercial organisations and enterprises, and 10% are state-to-state cyber attacks
There is no single ‘silver bullet’ for cybersecurity. Organisations must take a holistic enterprise approach to implement a successful cybersecurity strategy to reach a state where they are sufficiently ‘cyber resilient’. The strategy is not to eliminate or stop cyber threats and breaches; instead, it intends to implement processes to better detect, deter and respond to cyber threats and breaches. The approach includes the following six key steps, as defined by the Australian Cyber Security Research Institute:
- Understand Cyber Risks
- Understand Consequences
- Understand Systems and Data
- Cyber Intrusion Prevention & Detection
- Empower Employees
- Response and Eradication
At the end of the day, security is not just a growing requirement – it’s an evolving culture.