SecurityBrief Asia logo
Story image

Brennan IT's five tips to better your cybersecurity strategy

10 Apr 2017

What are the five things that can help protect your organisation from cyber attacks? Brennan IT says that even when attacks are reported, it can take years for legal proceedings to catch up with them.

It’s better to be prepared and Brennan IT says that the $6 trillion global cost of cybercrime shows that businesses must continue to review security policies, tools and systems to stay ahead of the attacks. 

“Cyberattacks now occur with greater frequency and intensity. Many of these go unreported or underreported. Even when they are reported and the cybercriminals are discovered, it can take years for legal proceedings to catch up with them,” comments Lyncoln de Mello, Brennan IT’s director of Cloud Services.

Case in point: The perpetrators of Yahoo’s 2014 data breach have only just been convicted.

IoT security is also under the spotlight at the moment; particularly as wearable technology in the workplace increases. The number of network endpoints rises, creating more avenues for attack, de Mello says.

“Organisations need to have the right security measures in place, including staff education, to reduce the likelihood of attack. Too many organisations rely on security measures that kick in after an attack has breached their environment. Instead, it’s better to focus security efforts on finding ways to prevent attacks from happening at all,” de Mello says.

So it’s all very well to understand the risks, but how do you put security measures in place? Brennan IT suggests five tips to making your security measures more effective.

1. Effective perimeter protection Effective threat mitigation requires strong network protection of IT infrastructure and data stores. Strong perimeter protection should be implemented in layers to protect all access points of an organisation, regardless of location. Many IT providers can deliver a complete network security solution as-a-service which means businesses can save on costs and don’t have to recruit their own security specialists.

2. Geo-blocking and exception listing With most attacks now originating outside of Australia it is important to consider using geo-blocking at the business’s Internet perimeter firewall. Increasingly, organisations with ecommerce facilities are hosting their websites and the databases serving those websites with a service provider that uses strong network level protection. However, in a global market businesses need to assess the compromise of geo-blocking based on its potential to limit legitimate traffic, for example sales leads from outside Australia.

3. Checking cyber defences by running regular advanced vulnerability scans It’s important to conduct regular health checks regarding where and how data is stored, and which applications are in use on the network or are taking up valuable network availability. Businesses should keep track of all users and what parts of the network each person has access to, and understand the potential threats that may exist. Protecting and maintaining systems and devices, and inventorying the environment can help to identify potential issues before they are exploited by cybercriminals or internal malfeasance.

4. Staff identity management Many businesses use externally hosted applications such as Payroll, HR information systems and travel management. This presents the challenge of managing access and role based permission during staff turnover and recruitment. IT service providers can deploy single identity technology to reinstate control.

5. Training staff and increasing awareness Many security incidences occur as a result of human error, i.e. employees opening phishing or whaling emails. With 30 per cent of phishing messages being opened by the targeted person(2), anti-spam and anti-virus solutions are no longer adequate to protect businesses from these styles of attacks. While employee education is key, it’s also important for organisations to use advanced protection layers to automatically filter spam and provide email security.  

“The increasing prevalence of cyber-attacks should act as a reminder for Australian organisations to review their security structure to identify areas for improvement. Looking holistically at how the business stores and backs up data, protects and filters emails, manages its cloud or on-premise IT infrastructure, and keeps staff educated in matters of cybersecurity, will highlight ways to modernise and increase the efficiency of the organisation’s security architecture,” de Mello concludes.

Story image
Aruba updates edge security platform with SD-WAN capabilities
Aruba’s latest iteration of its Edge Services Platform (ESP) has been quick to make use of HPE’s acquisition of Silver Peak in September last year.More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
Egnyte ensures greater security across Microsoft 365 with latest integrations
The new integrations are aimed at helping mid-sized organisations prevent data loss, address a growing number of regional privacy regulations, and simplify the overall management of content with minimal administrative overhead.More
Story image
Zscaler expands CIEM solutions with Trustdome acquisition
Zscaler, the cloud security company, has officially entered into a definitive agreement to acquire Trustdome, a Cloud Infrastructure Entitlement Management (CIEM) company.More
Story image
iland and Cohesity form alliance, target data protection market
"Together with Cohesity, we will deliver elegant and cutting-edge solutions that will take our joint customers’ digital transformation projects to the next level."More