The changing cybersecurity threat landscape – Q&A with Lucas Salter, GM, Data Protection, Dell Technologies

  1. The threat landscape has changed dramatically over the past 18 months. What do business leaders need to know?

Changes to how we live and work during the pandemic have seen the amount of data we create grow at an accelerated pace. Not only are IT teams having to quickly learn to manage this influx of data, but they also need to keep it safe.

According to the ACSC Annual Cyber Threat Report, the number of cybercrimes reported rose nearly 13 per cent in 2020-21, increasing a business's risk substantially. Cyber security and resilience are now forming an essential part of a solid IT strategy that will keep businesses running, even when they come under threat. Regulatory requirements are also set to change this year, which all business leaders need to be aware of, or they risk hefty fines.

  1. How can CSOs effectively raise the issue of cyber resiliency with the board?

Despite being a critical risk for businesses, there is still confusion around the topic at board level. The best way to combat this is to educate key business stakeholders so they understand how a cyber-attack will impact the business, how a cyber resiliency strategy can mitigate these risks and the level of investment required.

According to the Dell Technologies Global Data Protection Index, the average cost of data loss is US$959,493. Combine this with IT downtime, increased employee resources and damage to reputation, and the risk is more than monetary and will be felt by all employees, customers and partners.

Changes to regulations in Australia will soon mean that board members of many businesses will be obligated to report cyber breaches and should be aware of their responsibilities.

  1. The best barrier of defense is a strong cyber resiliency strategy. How can security chiefs build this into the overall IT and business strategy?

The key to mastering cyber resiliency is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources”, according to NIST.

The first step is to assess the risk. Treat cyber resiliency like you would any other business imperative. Once you have run an analysis on your applications, data and systems, identifying what applications need to be protected and what business data is at risk, you can apply the right level of investment to apply cyber security and resilience controls. The final stage is to plan how you will respond and recover with minimal business disruption.

  1. How can businesses identify which data needs to be secured?

According to the Dell Technologies Global Data Protection Index, organisations are managing more than 10 times the amount of data they did five years ago. With the shift to work from home and an increase in cloud services, it becomes clear that organisations are challenged to decide which step to take next when securing, managing and protecting data. Not all data is created equal and this needs to be acknowledged. Application profiling and data classification projects are on the rise as organisations ensure they are applying the right investment to the right data, while not over-investing in data of lower value. Fundamentally, though, organisations need to ensure their most critical systems and data are protected and recoverable in the event of a cyber-attack. Focusing on these first provides a clear way forward and highlights dependencies across an environment that can also be taken into account.

Look to government and industry regulations for guidance and assess how valuable your data is to potential hackers and to the day-to-day running of your business.

  1. How will the upcoming Critical Infrastructure Bill affect Australian businesses?

The ACSC disclosed in September that one quarter of cyber incidents reported in 2020-21 were associated with Australia’s critical infrastructure or essential services. Changes to the Critical Infrastructure Bill will expand the definition to include 11 additional industries such as telecommunications, data storage, financial services, education, and transport. Increased regulations and mandatory reporting of data breaches will improve Australia’s response to attacks and allow for businesses to learn from each and in turn better protect themselves. Improving the partnership between industry and government to meet higher standards across more sectors will not only benefit Australian businesses, but also Australian citizens who rely on the services provided by these sectors every day.

Measure your cyber resiliency today with the Dell Technologies Cyber Resilience Assessment.

Copyright © 2021 IDG Communications, Inc.