With the rise in successful cyberattacks, cybersecurity is becoming an increasingly strategic concern that threatens the foundations of enterprise value for businesses in Australia.
As Australia is a significant target for a range of cyber adversaries because of the country’s prominent role in the region, our dependence on information communication technologies will only increase in the future.
A recent report by the Australian Cyber Security Centre predicted that cybercrime activity will continue to increase over the next five years, despite efforts by many governments and security organisations to combat these criminals.
As such, the increase in successful cyberattacks is causing many Australian executives to question whether cyberattack prevention is truly possible.
Palo Alto Networks Asia-Pacific vice-president and regional chief security officer, Sean Duca, said in Australia, the prevailing perception is that cyber threats are becoming so advanced that companies can’t keep up.
“The logic goes that if getting compromised is inevitable, efforts should be focused on clean-up after a data breach. Yet, isn’t an ounce of prevention worth a pound of the best cure?
“We should all lead with a prevention-first orientation. This doesn’t mean that you must expect to be 100 per cent perfect all the time, but with a sound prevention strategy, attackers would need to design and develop unique tools every single time they want to attack an organisation,” he said.
“There is still a requirement to detect and respond, but we should not lead with that as a strategy. Why stand at the scene of the crime, when we may be able to do something about it first?”
According to Duca, channel partners have a key role to play in helping organisations develop and enhance their security strategy to deal with today’s security challenges, as well as empower businesses to secure themselves as they transform and grow.
“Partners should also look to see how they can help a business deal with a highly automated adversary and transform a business to automate their defences,” he said.
Duca suggested three ways partners can help.
Sharing intelligence: Partners can share threat intelligence with other businesses in real-time to reduce the number of successful attacks.
Education: Partners should educate the channel on how to identify and protect their organisations from threats. Organisations should look to move beyond a compliance check for this training and see how they can invoke change to better defend themselves.
Partnerships: Partnerships are key when it comes to mitigating the cybersecurity issue. Business leaders must continue to invest in the next generation and support them through measures such as training and professional development programs, mentoring programs, and succession planning.
Duca also mentioned that businesses that adopt a prevention-first mind-set will be better-equipped to manage cyberthreats.
He advised organisations should manage their cyber risks through the continual improvement and coordination of three key elements:
Technology: As computing power becomes less expensive, the cost of launching automated and sophisticated attacks decreases. Organisations can no longer rely on traditional or legacy security technology, or manual efforts by IT teams, to detect and respond to threats.
“Harnessing automation and integrated intelligence can continually raise the cost of making an attack successful. This helps to decrease the number of successful attacks,” Duca said.
People and processes: Executive teams must invest in continually improving security management processes to prevent successful attacks.
“Many successful attacks involve poor processes or human error. Employees must receive regular training on how to identify cyberattacks and what to do in the event of an attack to help reduce the organisation’s threat surface.”
Sharing: Organisations that share threat intelligence with other institutions in real time can reduce the number of successful attacks.
“We must assume that not all cyberattacks can be stopped. However, prevention is possible to the point where the number of successful cyberattacks is reduced, making it manageable from a risk perspective,” Duca added.