Convincing the Board to stay one step ahead of cybersecurity

When senior management teams and boards review cybersecurity in their organisations today, what do they see?

Do they see the increasing requests for equipment, software, staff and budgets and think, “I thought we were already protected – why do we need yet more investment?”

Or do they see the ever-growing breadth and depth of attacks and the sheer determination of attackers to disrupt and steal from their business, and ask what else can we, or should we, be doing to stay one step ahead?

If you’re in the IT team, you already know that cybersecurity is a never-ending battle that requires continual investment. Boards may not share that view, but within our client base we have seen a marked increase in board-level awareness and ownership of cybersecurity.

High-profile data breaches such as Yahoo’s in 2016 have helped drive this increase in awareness, but the recent passing of the Government’s Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law has made it crystal clear. This legislation requires all businesses over $3m in revenue to:

  • report any breaches or compromised personal data to the Privacy Commissioner; and
  • notify affected customers as soon as they become aware of a breach.

However, being aware of cybersecurity and knowing what to do about it are two very different things.

In fact, for senior management teams and boards, there is a growing concern that a level of cyber complacency is starting to set in: 80% of companies surveyed in the ASX 100 Cyber Health Check [1] late in 2016 felt they were doing enough to protect themselves against cyber threats. This is despite the fact that 4 out of every 5 respondents expect cybersecurity issues to worsen.

When we look at our clients, we’ve seen a lot of investment over recent years in perimeter-based security, which is traditionally where the perceived weakness is – so boards may feel justified in their level of cybersecurity readiness. However, with the advent of Cloud, mobile and distributed application architectures, the concept of a perimeter has become very blurred and hard to define.

In its just-released 2017 Internet Security Threat Report [2], Symantec notes that “new sophistication and innovation marked seismic shifts in the focus of attacks”, and that “cyber criminals caused unprecedented levels of disruption with relatively simple IT tools and Cloud services.”

As a result, they have seen the highest rate of malware in emails in 5 years with an estimated 1 in 131 emails containing malware. In addition, Business Email Compromise (BEC) scams relying on spear-phishing emails are targeting over 400 businesses every day.

2016 also saw the first major attacks on IoT devices with the emergence of Mirai – a botnet composed of IoT devices such as routers and security cameras that was big enough to carry out the largest DDoS attack ever seen.

Today’s networks have many more points of vulnerability than ever – and that’s before taking into account attacks based on compromised credentials which require a completely different approach.

The key takeaway is that cyber complacency is dangerous for every business. At the same time, it’s difficult for a business to continually invest in more staff, training and equipment to avoid drowning in alerts, logs, patches and processes. At some point, a business needs to find a way to better leverage their cybersecurity investments to get the protection and the scalable return they need.

One answer for the board and senior management may be that businesses need to stop trying to do it all themselves.

This doesn’t mean completely outsourcing cybersecurity, but looking at your internal capabilities and augmenting your internal teams with a service that can scale and take the bulk of the load. This is especially true for monitoring and alerts – getting the help that will enable your team to respond to a breach in real time and take immediate action.

If you look at the Data#3 Managed Security Service, we partner with Symantec to augment our service for this exact reason – they have a scale and capability that just cannot be matched by any internal IT team.

In their own words:

“Symantec has established the largest civilian threat collection network in the world, and one of the most comprehensive collections of cybersecurity threat intelligence through the Symantec Global Intelligence Network™. The Symantec Global Intelligence Network tracks over 700,000 global adversaries and records events from 98 million attack sensors worldwide. This network monitors threat activities in over 157 countries and territories.” [2]

A managed security service is still only one piece of the cybersecurity puzzle. However, with this specialised team helping you keep watch over your network, you can use your valuable internal security resources to continue the fight to stay one step ahead.

For more information contact Data#3.

  1. http://www.asx.com.au/documents/investor-relations/ASX-100-Cyber-Health-Check-Report.pdf
  2. https://www.symantec.com/security-center/threat-report
