Lack of awareness about security threats and vulnerabilities continues to be one of the biggest challenges in the fast-changing cyber security landscape, said a panel on cyber security at the CeBIT 2013 Cyber Security Conference in Sydney.
Understanding of security threats and what they represent is divided, according to Huawei global cyber security officer John Suffolk.
“[There are] some that do and some don’t,” he said, speaking at the panel. “People understand attack but don’t understand the value of the asset.”
He added that great organisations understand the value of their assets and the related risk if those were to come under attack.
A cyber attack is like another bullet that companies need to guard against, he said, adding that proactively and routinely monitoring and protecting against those threats is akin to hygiene.
But technical skills can be crucial. “We can promote the ‘don’t drink and drive,’” but the need for driving skills is still important, as are technical skills, since it boils down to the tactics that companies ultimately have to employ.
The best way to approach this lack of education would be to start early, according to University of Western Australia professor-at-large, Kenneth Morgan.
“Education starts at the technical level,” he said, adding that the technical understanding of the threats is a must for addressing this issue.
The trends of BYOD and social media are also adding to the worsening security landscape, he said.
Companies should also be thinking about protecting their brands, said Morgan.
Harking back to the pre-9/11 era, the dot-com bust and the Y2K issue, companies became serious about the cost to their brands.
“The issue of cost to brand and risk mitigation are key,” said Morgan.
Some organisations and companies are paying more attention after a recent spate of “wake up” moments, said IT-Harvest chief research analyst Richard Stiennon.
He said that in the U.S., a malware-related incident over two years prompted the Pentagon to start actively resolving the malware threat in a response that took about nine months. Similarly, larger organisations like mining giant Rio Tinto and defense contractor Lockheed Martin have also upped their security efforts after facing malware threats that led to a “change in behaviour.”