We recognise the difficult challenge facing organisation in ensuring their business is well protected. The range of defence strategies, tools and security advice on offer can be daunting.
That is why, we have brought the best of our global experience, technical expertise and thinking to the Australian cyber security landscape and created a simple 4-step cyber security framework that you can use to protect your organisation now and mitigate your cyber security risk long term.
Step 1. Personal protection
If we are not aware of how to manage security on a personal basis how can we manage security at work?
Our day to day activities blend our personal digital lives into our work digital spaces. As just one example, consider how our mobile devices allow access to personal emails and business emails.
We believe awareness and behaviour starts at the personal level.
Step 2. Get the basics right
Extensive research has identified that many successful intrusions begin where basic vulnerabilities exist.
What may appear as an innocent oversight can easily turn into a point of attack From the boardroom to network administrations, attitudes tolerating basic security gaps must change.
Not getting the basics right can at best, be embarassing; however at worst can quickly develop into negligent behaviour. Getting the basics right is crucial for every organisation irrespective of the extent of their online presence and when done correctly, can prevent the majority attacks becoming successful.
Step 3. Set the bar
The value of every organisation’s intellectual capital, customer information and sensitive data varies. For high value information assets and systems, you need to know what security risks are being taken and the capability required to manage your risks.
We recognise your organisation is unique and security plans need to be shaped accordingly.
Step 4. Under Attack
No longer should we ask the question, will you be attacked. Now, it’s a matter of when you are attacked, how damaging the attack will be.
Emphasis must shift to a technology and business level preparedness for attack, awareness of being under attack and having the capability to respond. When a breach occurs; the response must be rapid, thorough and decisive.