One of the biggest misconceptions in cyber security is to
associate products and services with an ideal cyber security strategy and
so create a bulletproof level of confidence. However, for most of Australia's
ASX 20 organisations, including the top four banking institutes, financial
services, capital markets and of course the government sector, this couldn't be
further from the truth.
Let’s take a look back over the last couple of years and months: recent
hacks have compromised some really sensitive details such as payroll information,
user personality tests, medical records, performance reviews, drivers’
licenses, personal addresses etc. As you can imagine, organisations at this
tier spend millions on cyber prevention; however, they still get
involved in an incredible amount of cyber security risk and breaches.
Why?
People often talk about ‘people’ being the weakest link in the cyber security chain. I
disagree. People aren't the
weakest link if they are utilised correctly. "IT" people see users as liabilities; however, "IT" people do very little to
empower, educate and create recurring moments where, if users see or feel
something wrong is happening, they challenge the situation. In most cases
attacks happen in less than 2 hours through a targeted attack on an
individual: creating a level of pain, or associating a level of
discomfort, so that the user will likely want to know "more information",
and getting the user to do a certain action which essentially causes the
breach.
Using and complying with ISO standards is a good starting point, but like anything else
it needs more attention.
As part of our cyber security strategy, the number one tactic many organisations
use is to ensure they are ISO compliant, making sure they are following the
"frameworks and industry best practices to prevent attacks"; however, it doesn't seem to do
much. Having policies, documentation, standards and processes doesn't
mean anything. I'm here to give you the understanding that attacks are
real and, guess what, organisations are all doing exactly the same thing:
they are following one another and are in a state of what I call "mob
mentality". Organisations should rather be in their own dedicated cyber
security tier and develop specific strategies that align with their core
business challenges.
Sometimes the best strategies and tactics for developing a winning
cyber security strategy involve minimal, simple technology and no
flashy lights: not wanting to have the latest and greatest, but
implementing clear and simple strategies that can take your organisation from a
somewhat
I can't wait to share with you some tactics that cost literally $0
to implement and give you a real false positive notification of an actual
threat taking place.
Still interested? Come and see my workshop on Maintaining ongoing cyber security within government organisations
at the Digital Government WA Summit 2018, Perth, from 4-6 December.
Andrew Constantine is the founder
of Australia's Largest Private Community of technology leaders specialising in
preventing cyber security threats, with more than 3,000 private members.
His vision is to improve traditional cyber security education by introducing
the real-world approach.
He is the author of the CIO
Solution Book. This was followed by the launch of CIO Cyber Security, a
private advisory firm designed to help fellow Technology Leaders raise more
cyber security awareness with executive management by running simulated cyber
security attacks and cyber warfare scenarios in a controlled environment.
Andrew is an advocate of
giving back to the community and supports Bear Cottage, fundraising and supporting
children with life-limiting conditions.