Story image

Three key security hotspots to consider for your 2018 budget

19 Jun 2017

With the end of the financial year looming and the 2018 financial year around the corner, businesses are being asked to consider their cybersecurity policies and put better defences in place - or risk major financial effects in the event of a breach.

Palo Alto Networks says it's not just financial but reputational damage that could come from breaches.

“Most successful attacks can be traced back to ineffective company policies or human error. The impact from a successful breach can be felt across an entire company and may result in lost productivity, as well as a negative impact on the company’s reputation and a reduced ability to attract and retain customers," explains Ian Raper, Palo Alto Networks regional vice president, ANZ.

“When budgeting for the 2018 financial year, businesses should look to strengthen cybersecurity defenses in key areas. For example businesses can do this by reviewing their cybersecurity policies and procedures, upgrading IT infrastructure and employee training to put themselves ahead.”

He believes that when organisations start to budget for the 2018 financial year, businesses should start to look at their cybersecurity policies and procedures, upgrade IT infrastructure and employee training.

Palo Alto Networks provides three key areas to strengthen security.

1. Ransomware  Conservative estimates put the cost of ransomware to the Australian economy at $1 billion a year, and the number of ransomware attacks is likely to increase along with the cost to unlock devices.

Raper says people are the weakest link in cyber defence. Training should shift from compliance-driven approaches that aren't interesting or engaging to better methods.

“Training may take different forms, and organisations could consider gamification. Gamification will make training more exciting and engaging for employees, increasing awareness of cybersecurity practices, including how to respond to attacks correctly," he says.

Gamification also lets businesses recognise and reward employees when they follow policies and procedures, leading to continued positive behaviour and a more cyber secure working environment.” 2. Internet of Things Providing thousands of potential entry points, more and more endpoint devices are now connected to an organisation’s network as part of the Internet of Things (IoT).

For example, closed circuit television (CCTV), tiny sensors attached to machinery, and even smartwatches and fitness trackers can put the business at risk if not properly secured. Many businesses may not be aware of the security risks these devices pose due to their automatic nature.  

To protect the network, businesses must introduce appropriate policies and procedures. This includes educating employees regarding what devices they are able to plug into the network. Organisations should also use next-generation security technology to focus on the network and endpoints, and the data that flows within the network. 3. Weaponised data A company’s data can be weaponised and used against it. Cybercriminals do this by leaking confidential information or infiltrating and corrupting data. The consequences range from reputational damage to material costs.

Businesses must know where sensitive data resides and who can access it, as well as what data is critical in enabling the company to operate, so they can protect it effectively. Surprisingly, many businesses struggle to answer these questions, which can make it difficult to protect resources adequately.

“As we approach the end of the financial year, now is a good time for businesses to review and update their cybersecurity policies, making sure they understand the effect cyberattacks can have on their business. Businesses should take a proactive approach to their cybersecurity, ensuring policies and procedures are understood and adhered to by all employees," Raper concludes.

Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.