Why the employee factor in IT security is vital to protecting your … – iTWire

GUEST OPINION: We live in a time when terms like phishing, ransomware, viruses and worms are part of the everyday lexicon, and that's not only among IT professionals. Cyber attacks in Australia are accelerating, with the state of the nation's cybersecurity coming under greater scrutiny.

Millions of Australians have been impacted by several high-profile incidents, Optus and Medibank to name just two, which have exposed their customers' personal data to hackers.

What we are seeing today is a challenge that has been with us for far too long. In my observations, a fundamental issue here has been the deflection of cybersecurity as being solely an IT function and responsibility. Historically, this may have been accurate; but as more transactions are conducted online, issues surrounding the protection of data and personally identifiable information (PII) are really a wider business problem.

Business development short-cuts lead to long-term cybersecurity headaches

A common dilemma we have encountered is when businesses hastily sign off on the development of new applications or customer service products, overlooking PII vulnerabilities. This pressure to cut corners might seem unlikely to end up as a breach at the time, but when it does, the consequences are severe. The Optus and Medibank breaches are cases in point, where the number of accounts hit was reportedly equivalent to 56% of the population.

When I see leaks that come from testing or development environments with access to production data that's not been scrubbed of PII, it usually means a short-cut has been taken due to the timeframe for delivery or budget. Admittedly, some people do ask: is it not the responsibility of the Security Operations Centre (SOC) to identify unauthorised access to these environments? It's a valid query which highlights yet more challenges faced by cybersecurity teams.

Firstly, lateral movement and unauthorised access are very difficult to identify in the modern enterprise network. This is because most SOCs are inundated with security alerts at a rate at which they can't quickly pinpoint which one of these is an actual cyber attack or breach. This is something I hear from Chief ISOs all the time and the problem is only getting worse.

Add to this the other massive challenge of an undersized cybersecurity workforce. Our own research among Australian security leaders has revealed that over 96% of employees in ANZ organisations are facing increased pressure to keep their organisation safe; additionally, 52% of Australians and 48% in New Zealand say they are in constant fire-fighting mode, leading to greater anxiety. The immense remote worker mobilisation during COVID lockdowns also led to the acceleration of cloud-based services, widening the attack surface, as threat actors became increasingly familiar with environments such as AWS, Azure and Google Cloud.

Nonetheless, the deeper PII challenge still remains the prioritisation of revenue vs cybersecurity. IT teams and developers are remarkably skilled at deploying infrastructure and developing code faster than ever. But this is also leading to security blindspots, burdening overstretched IT security teams and resources. It's important to know what is malicious by analysing detection patterns unique to your environment, to surface relevant events, reducing blindspots and noise.

Caring about protecting PII

Security breaches will continue to make headlines as hackers find new ways of exploiting critical assets inside an organisation. It's widely understood that data is the new gold for malicious actors, and PII that is not publicly available is the ultimate jackpot. When left unsecured, sensitive PII such as tax information records, employee payroll, or insurance details can be exploited in a number of ways, including ransomware and phishing attempts for criminal financial gain. Organisations need to think like a hacker to go beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the cyber kill chain.

Ultimately, for security decision makers today, it's about focusing on what's urgent, by having a view of threats by severity and impact, which enables analysts to focus on responding to the most critical threats to reduce business risk.

So what can businesses do to protect their PII? Here are my top tips:

Chris Fisher is Director of Security Engineering for Vectra.ai in the Asia Pacific and Japan Markets.
