How to step up your security in an increasingly digital enterprise
With instances of malicious cyber activity, including destructive malware, ransomware and spear phishing, on the rise, enterprise-level companies are becoming increasingly vulnerable when it comes to their digital security. Over FY20-21, the Australian Cyber Security Centre (ACSC) saw a 13 per cent increase in cybercrime reports [1] from the previous financial year, with a cyber attack now being reported once every eight minutes. In February 2022, the ACSC released an advisory [2] for Australian organisations to urgently adopt an enhanced cyber security posture.
So, how can organisations balance continued innovation and growth with changing security needs? And, more importantly, what can enterprises do to reframe security as a key priority for business performance?
In a recent discussion hosted by business nbn® entitled ‘Enterprise Security: what is your weakest link?’ [3], our expert panel examined the big security challenges facing Australian businesses, and the important things to consider in strengthening security culture.
“If you lead your organisation, talk about security… Are you working for another leader? Get them to talk about security. Their voice is going to disseminate that culture and that culture's going to trickle down”
Phil Rodrigues, Head of Security - APJ Commercial, Amazon Web Services.
Embrace security as an enabler
Having an enterprise-wide cyber security strategy is essential to ensure business continuity and growth. Organisations should treat security on par with any other business risk, including financial, quality, or occupational health and safety.
Factoring security risk into the overall risk strategy of a business helps ensure adequate controls are in place. This reduces exposure to cyber threats, so the business can continue to focus on innovation and expansion. A mature approach to cyber security should be seen as an enabler, and not an obstacle or added operational cost.
Build a security culture
Assess your security on a maturity scale
It is no longer enough to know if you have cyber security measures in place or not. Every business must assess its own threat environment and work to keep improving its cyber security posture.
Organisations with a mature security posture understand cyber threats are a foreseeable risk. They build trust in their teams and put appropriate security controls in place. The ACSC’s Essential Eight Maturity Model [4] offers guidance to organisations on identifying a target level of security maturity suited to their environment, and working towards achieving that target.
Set security KPIs
Security risks will differ from business to business, so it's important to take the time to identify the priorities for your business. Is it data or infrastructure? Is it technology or people? Then, within your overall risk assessment, select the security measures to address that priority and put KPIs in place to continuously measure and report on the criteria you’ve prioritised. Whether your security focus is patching systems, identity and access management or encryption, strive to achieve the KPIs you have set to keep your goals on track.
Presenting security reports in a clear and easily understood manner to board members helps them get a clear picture of how security risk can be effectively managed. Businesses should also consider a security audit by a third party – to get independent reporting and insights on security levels and risk exposure.
Secure your supply chain
As businesses grow, many parts of their operations are outsourced to suppliers. This allows them to scale and serve customer needs in a flexible and efficient manner. However, this can also expose an enterprise to security threats in the supply chain.
It is important to have trusted suppliers with visibility on the security measures they have in place to protect their platforms and services offered. Sharing your own security reports with suppliers helps build trusted relationships through the supply chain.
“The relationship you've got with your supplier has to be trusted. If it's not trusted, change suppliers”
Darren Kane, Chief Security Officer, nbn
Empower your people
Employees have a key role to play in keeping their organisation cyber safe. While data breaches can occur due to an employee clicking on a malicious link, this is often due to a lack of security awareness from poor training. Naming and shaming employees who may have unwittingly enabled a breach must be avoided at all costs. Regular cyber security training programs help keep staff updated on the nature of the latest threats. When people are empowered with the right knowledge, they become the true enablers of a culture of security.
A strong security culture protects the people, systems and processes in an organisation. It inspires trust in customers and partners, helps build reputation in the market and can improve business performance.
Catch up on the ‘Enterprise Security: what is your weakest link?’ expert panel discussion.
The need for everyone in organisations to play their part in enterprise security was one of the key themes to emerge in the recent expert live panel discussion hosted by business nbn™.
In the discussion entitled ‘Enterprise Security: what is your weakest link?’, the panel examined how security can be an enabler for enterprises, why healthy security culture is central to keeping organisations safe, and practical steps business leaders can take to build security culture.
The panel included:
- Darren Kane, nbn Chief Security Officer
- Rachael Falk, CEO, Cyber Security Cooperative Research Centre
- Nigel Phair, Director, Enterprise at the University of New South Wales Institute for Cybersecurity, and
- Phil Rodrigues, Head of Security for APJ Commercial at Amazon Web Services.