Cyber Security Cover Story

Navigating the IT landscape of the future: The cultural shift your business needs

T By Dr David Halfpenny Course Coordinator – Bachelor of IT (Network Security), TAFE NSW

22 | Australian Security Magazine

he future IT landscape is scary for businesses of today, but it is certainly not insurmountable. Naturally, as the value of data to people and organisations grows, ransomware attacks, data theft and extortion will also continue to be on the rise. But the threats are not just perpetrated through stealthy backdoor tactics, in fact, according to Verizon’s latest Data Breach Investigations Report (DBIR) the vast majority (82 per cent) come straight through the front door via internal staff and contractors. Unfortunately, for the most part, organisations are not equipped to deal with the threat that employees pose to the ongoing viability of the business, particularly from a talent perspective. The disruption achieved by the underworld of cyberattacks has been quite significant over the past five years, and it isn’t likely to slow down any time soon. While we are quickly finding advanced methods of protection and defence against these attacks, businesses are generally not equipping themselves adequately to implement them. Big companies such as banks that understand the value of their data have moved quickly to action what is expected of them to protect it. The problem stems from businesses that aren’t big enough or experienced enough to handle their own security, and don’t have capital to invest in it being managed as a service. It lies in both a lack of technical investment and perhaps more importantly, a failure to address the vulnerabilities exposed by people in the business.

The BIG threat One of the most common (and perhaps more dangerous) preconceptions is that businesses attract most cyber-attacks from the outside. This couldn’t be further from the truth. The biggest threat is, and always will be, people. No matter how good your security infrastructure, processes and procedures are, employees will always provide the easiest attack vectors. While the technical solutions to the problem are certainly not simple, they can be implemented without too much disruption. However, equipping a company with a healthy culture and standards around cyber security is a challenge that many deduce is too complicated to do anything about. The issue with this is that technical solutions can only go so far to protect your company if you have malicious, or more likely, negligent or ignorant employees with access to business data. Just about every workplace now has a dedicated program of occupational health and safety, but very few have similar schemes for creating a healthy cyber security culture. Interestingly, the concepts of physical safety and well-being are very similar to the concepts of cyber security. They all begin with creating a culture that sees and understands the threats, and propagates a natural predisposition to take appropriate action. The government’s recent budget demonstrates a renewed commitment to protecting existing infrastructures and invest in training for the cyber security