The attack surface: 2019's biggest security threat

15 Feb 2019

As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.

Aon’s national practice lead for cyber insurance Michael Parrant says that businesses are adopting technology at a rapid pace, but that also means there is a growing number of ‘touch points’ within a business that can be exploited.

“We believe the future of cyber risk management must be proactive, oriented around sharing threat intelligence, and collaborating within and across enterprises and industries; ceaselessly hunting for bad actors; and raising the bar on preparedness for the inevitable day when a strike does come,” says Parrant.

However, the last few years have brought increased regulatory oversight, such as the European Union’s GDPR and Australia’s Notifiable Data Breaches scheme.

Parrant believes these provide increased financial and reputational motivation for local businesses to take action.

The report points out a number of areas that businesses should focus on to reduce their cybersecurity risk in 2019.

Technology. As integrated technologies such as ‘X-as-a-service’ (XaaS) and ‘Infrastructure-as-a-service’ (IaaS) continue to transform bricks-and-mortar industries, it is important that each assesses its own unique exposures rather than try to adopt an off-the-shelf strategy to manage and mitigate risks.

Supply chain. As cloud-based services and sharing become more common, extending to sharing data between companies and their suppliers, it is important that due diligence is carried out by the lead organisation to ensure the risk of third-party cyber security failures is minimised.

Internet of Things (IoT). The pace of adoption of IoT devices continues to accelerate and is likely to pick up even more as the 5G mobile standard becomes commonplace. However, the 5G network will not improve security. It brings about its own challenges – more devices connected means much higher volumes of data to manage and secure. Future AI-enabled security measures will prove invaluable in tracking, isolating and securing organisations’ data networks.

Business operations. A significant proportion of industrial infrastructure is aging and unable to withstand the sophistication of today’s malware attacks. As firms expand their IT and OT presence and become more connected, they are creating greater points of attack for malicious agents. It will be important for companies to fully audit all their IT and OT assets and, where possible, fully separate the two.

Employees. An organisation’s staff – at all levels – remain one of the most common causes of security breaches, whether accidental or intentional. Firms are held accountable for the actions of their employees, and therefore it is vital that they develop stringent controls over internal access to and control of the data they are collecting.

Mergers & Acquisitions. Globally, M&A deal values are predicted to top US$4 trillion in 2019, which offers an indication of the size and speed of the market. It is vital that the appropriate cyber due diligence be done when companies undertake the process of acquiring others if they want to ensure seamless transitions in the future.

Regulatory. Organisations are increasingly competing in a global marketplace, multiplying their exposure and risk compared to solely domestic operations. And, as high-profile and substantial fines last year have shown, regulators are no longer willing to give up the chase at the border. Most firms need to be informed and compliant with a raft of regulations in whichever market they are operating in.

Board of directors. The Buck Stops Here is still an important truth in terms of directors & officers when it comes to ensuring data security practices and regulatory compliance. Gratifyingly, cyber security is increasingly understood and acted upon at board level, but more leading from the top is required.
