Data security demands a comprehensive approach

Highlights
  • Safeguarding company data requires a holistic approach that addresses cyber security, personnel and physical access vulnerabilities.
  • Invest in mutual interoperability between cyber and electronic security to extract the most value from data.
  • Customer data requires particular care, especially once mandatory breach reporting comes into force.

As Australia’s new data-breach disclosure law comes into effect, it’s high time to consider a comprehensive data-security solution.

Data and intellectual property theft have been thrust into the public spotlight this year, with high-profile cases such as the repeated targeting of US television network HBO, which resulted in leaked episodes of the smash-hit series Game of Thrones and various internal documents as well as unauthorised access to the brand’s social media accounts.

These compromises involved a variety of attack vectors, including malware exploits, spear phishing, and physical access used to remove data on hard drives. Cases such as this demonstrate the necessity for a comprehensive approach to data security that aligns cyber security, logical security and electronic security to achieve total situational awareness.

Cyber vulnerabilities: Ransomware

In the Asia-Pacific region, ransomware has become the most common form of malware deployed against private organisations, from small businesses with no cyber security infrastructure to international enterprises, the compromise of which costs millions of dollars in lost business and reputational damage.

With 24 per cent of Australian businesses experiencing a ransomware incident on at least a monthly basis in 2016, according to the Telstra Cyber Security Report 2017, prevention and response strategies are vital.

As ransomware has a very short shelf-life, the General Manager of Managed Security Services at Telstra, Thomas King, says rapid innovation is required to stay safe.

“Telstra’s Managed security services are about rapid development and rapid innovation,” King says. “We run a sprint every two weeks to incorporate new features, functions and bug fixes into the product. As rapidly as the opposition is enhancing their offence, our security services are evolving just as rapidly.”

Workforce vulnerabilities: Spear phishing

As the details of our lives become increasingly public online, cyber criminals are becoming more and more adept at personalising phishing messages to blend in with legitimate traffic. A far cry from the implausibly phrased emails that populate spam boxes across the world, spear phishing utilises the names, professions, images and even email addresses of a target’s friends, family and colleagues with the aim of duping people into opening an infected attachment or clicking a link.

Promoting awareness, education and best practice across an organisation is a vital step in preventing these attacks. Each and every employee across an organisation needs to take responsibility for its security, King says, and they need to understand how to limit any damage resulting from compromised systems.

“It’s important to recognise that everyone in an organisation represents a unique attack vector and can be the weak link in terms of cyber security,” he says.

“To stay safe, you need multi-layer defence and controls which encompass technology, people and processes, while balancing your risk and ensuring you can accomplish your business objectives.”

Access vulnerabilities: Physical compromise

Robust cyber security measures unfortunately cannot stop an unauthorised intruder simply walking out of an office, data in hand. Electronic (physical) security is equally necessary to ensure customer data remains secure and intellectual property doesn’t fall into the wrong hands.

Traditional electronic security measures, such as keycard readers and retina scanners, can also be aligned with digital systems including permissions structures, geographic data analysis, access logs and encryption to automatically identify potentially problematic users and downgrade their access.

However, you don’t need to overhaul your org chart to align these two complementary fields. Rather, it’s important to ensure key stakeholders across your organisation develop a shared vision of what a converged cyber and electronic environment would look like, and work backwards from that vision to discover the steps required to achieve this goal.

Customer data obligations

In 2016, the average data breach in Australia cost the compromised company $2.51 million and involved more than 18,000 breached records, according to independent researcher the Ponemon Institute’s 2017 Cost of Data Breach Study.

The costs associated with customer data compromise are likely to climb even higher due to the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017, which requires that all organisations subject to the Privacy Act 1988 notify potentially affected individuals in case of an “eligible data breach”, in which the breach exposes users to “serious harm”.

Failing to issue a notification carries a maximum penalty of $2.1 million for organisations, along with significant implications for their corporate reputation.

After instituting a comprehensive security plan that minimises the chances of data compromise in the first place, organisations should implement a robust data-breach response plan that includes a pre-drafted customer notification, distinctly delegated responsibilities and designated channels of communication.

With these in place, an organisation is well-situated to minimise the damage to its customers, reputation and bottom line effectively in the event of a data breach.
