?CSO Perspectives – Security readiness is the key to effective response

At this year's CSO Perspectives Roadshow Leon Fouche, BDO's national leader for cyber security walked the audience through a number of different security reports to paint a picture of the threats today's world is facing.

Citing data from the World Economic Forum, Fouche noted critical information infrastructure breakdown, data fraud or theft, and cyberattacks are the most likely risks businesses are facing.

He said there are six main groups of threat actors we need to be aware of: hacktivists, criminals, insiders, agents of espionage, terrorists and nation-state actors. And while attacks on servers and networks were becoming less popular, malicious actors are focussing their efforts on individuals and personal devices. Increasingly, it is law enforcement agencies and other third parties that are telling breached parties that they have been compromised.

Fouche said the number of attacks has risen, spending on security has not kept pace.

Looking at the BDO and AusCERT Cyber Survey from 2017, Fouche said the 400 respondents reported ransomware, phishing, DDoS and malware as the most common cyber incidents.

So while the threat level escalate but spending fails to keep pace, Fouche said companies that have the least resistance to leveraging investments in cybersecurity are those who have allocated a high-level resource who can bridge the gap between operational teams and senior management. He also noted a solid cybersecurity awareness campaign was critical for improving an organisation’s cyber resilience.

The data from the BDO and AusCert survey strongly supported this. Companies with programs in place reported significantly lower incident levels.

Making risks visible to the business was also important said Fouche. Regular assessments, the use of standards and identifying critical systems and data were all important in heightening awareness of cyber risks. He added the importance of constantly monitoring response mechanisms as threat vectors were constantly changing. Based on the data from the survey having a Security Operations Centre (SOC) was also critical.

Four in five companies with a SOC reported incident levels that were around 80% lower than their peers.

Many security experts point to the importance of information sharing as being critical in mitigating cyber risks. Many vertical industries, such as banking and utilities share information in order to ensure new risks are communicated as there are benefits in ensuring no one in a market is compromised.

Interestingly, fewer than a quarter of respondents found such networks offered significant value. However, over half were unaware such networks existed. And while there are many security and threat reports available, Fouche said focussed intelligence reporting would improve its effectiveness.

Cyber insurance has been a hot topic over recent years and it’s an area survey respondents were considering with just over a quarter saying they had some form of cyber insurance in place. Over half don’t have the insurance with 12% saying it was not needed in their company.

Fouche concluded his presentation by looking at two recent incidents; the Target US breach of November 2013 and the 2016 breach of the Australian Red Cross Blood Bank. After reviewing the timelines and processes that followed both breaches, Fouche offered the following advice.

  1. Know the value of your data/assets
  2. Know where your data/assets are
  3. Know who has access to it
  4. Know who is responsible for protecting it
  5. Know how well it is protected
  6. Know if the level of protection is within your risk appetite
  7. Know what to do when you are breached

The BDO AUsCERT Cyber Survey provides interesting insight into the current state of security readiness in Australia. But Fouche’s final insights point to the importance of understanding what you have so you can plan an effective defence and responses in the event of a cyber attack.

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful cybersecurity companies