As Australian businesses face up to a new generation of cyber-criminals, they are not the only ones developing ever more sophisticated technology. The challenges they face in staying secure are ever more advanced. These are not just a few disgruntled ex-employees they are dealing with, or teenaged hackers trying their luck (although those still exist).
Online crime is big business, with ever more resilient systems of attack. They have smarter tools, and more skilled perpetrators. They are also better resourced, whether funded by organised crime or by foreign governments. As a result, IT security professionals have had to develop new strategies for securing their environments.
Fortunately, vendors have seen the necessity of fortifying security in their products. Cisco, whose Annual Security Report makes essential reading for IT security people, put a lot of focus on network visibility in their advanced threat protection options. After all, if you can’t see a risk, it is a lot harder to deal with it. Their new generation of networking products adapts automatically to emerging threats, so they can respond very fast to attacks, and address security needs faster.
In spite of some exceptional products on the market, many Australian CIOs are less confident in their ability to prevent or withstand attack. Given the number of high-profile attacks over the last year, that is hardly surprising. After all, if major organisations with enormous available resources are experiencing breaches, it would be naïve to ignore the reality. It is not all doom and gloom, though – increasingly, there is an awareness at board level that IT security is worth investing in.
Cisco’s report found some startling trends. Almost a third of Cisco devices studied were no longer supported, and 92 per cent were running known vulnerabilities – averaging 26 each. Ensuring equipment is up to date makes you a smaller target, and is a relatively simple step. In fact, given the new technologies available, it is likely to be a cost-saving measure as well as boosting security; most newer generation products offer efficiency far beyond their predecessors.
Probably the biggest single measure any organisation can take to reduce risk is to regularly review security practices, but almost half of organisations in Cisco’s study – 44 per cent – miss this step. In the constant juggling act of managing IT, security audits can be easily overlooked or delayed. The methods used by cyber criminals evolve constantly, so what worked last year is unlikely to be enough today.
So why are businesses not investing more in IT security? For 39 per cent of those surveyed by Cisco, budget constraints were seen as a barrier to beefing up security. Independent security audits are probably the best investment that businesses can make, and they very often pay for themselves. Any good security professional should make recommendations for efficiencies, because streamlined environments are easier to secure. In fact, a lot of security improvements cost little or nothing, and can be put into action almost immediately.
For more information about security trends, Cisco’s 2016 Annual Security Report is available at www.cisco.com, or just ask the Computer Merchants security experts for a copy.