Secure your business

A stitch in time: The evolving world of security preparation

Awareness of the importance of security has never been higher – but many organisations are finding it challenging to translate awareness into preparedness.

Better prepared: Effective security planning

Head of Security Services at Telstra BTS, Stuart Low, shares his thoughts on the state of Australian security preparation.

Find out more about how we can test the effectiveness of your security preparations with our Cyber Security Health Check.

Find out more

Driven by new legislation, headline grabbing data-breaches and explosive malware attacks including NotPetya and WannaCry, research for the Telstra Security Report 2018 found that Australian businesses are undertaking more security preparation programs than ever before.

In previous years, we found that most Australian organisations were undertaking regular security auditing, but put less emphasis on other forms of preparation, such as creating data inventories, running internal risk assessments and security drills. This year however, our survey of more than 1,250 security professionals, revealed that Australian businesses are no longer conducting security audits alone – most are implementing a much broader array of preparation programmes.

This isn’t just because they’re concerned about business interruption or data breaches, however. Organisations are increasingly aware that projects without security built in from the outset have a much higher chance of not running to schedule or even being discontinued altogether. 

The security landscape is becoming more complex with legislation like the Notifiable Data Breaches scheme, the rise of convergence and new, more targeted threats. It’s become increasingly common that if you don’t take the time to get security right from the start, you might not have the ability to effectively address that issue further down the track.

As in previous years, the Telstra Security Report 2018 found that security audits remain the most common cyber security preparedness programs undertaken by Australian businesses, with 38% of respondents undertaking an audit in the past year.

“While the report proves the enduring importance of security audits, as everyone knows, they only provide you with a point in time of your security posture,” says Stuart Low, Head of Security in the Business Technology Services team at Telstra. 

“The problem is that organisations are continually changing, they are taking on new services, so you have to have a programme in place to be able to analyse those services that you're taking on. A continuous programme will help to underpin that.” 

Alongside changing environments, the report found that keeping a plan up to date with today’s rapidly changing security environment is a top challenge for security professionals – with 67% of Australian businesses estimating that as many as 55% of their breaches going undetected. 

Companies which conduct regular drills, rehearse their incident response plan and invest in red teaming to test their preparations perform better on average against new threats.

“We find that red teaming helps businesses to expect the unexpected and go through a number of scenarios,” Low says. “The red team can produce the unexpected and then see how an organisation can actually respond to that.”

In addition to highlighting previously unforeseen attack vectors, red teaming can also be an effective way to gauge the preparedness of the overall company – particularly against Business Email Compromise, the most common attack experienced by Australian businesses last year.

“We're able to set up phishing schemes, where we craft emails to impersonate a trusted source and then we're able to provide statistics to an organisation ongoing of how many people have clicked through, and what the uptake is,” says Low. “Over time, you can then start to see a pattern of how awareness training is helping your organisation.”

While improving their preparedness, it will also be important for organisations to identify opportunities to address multiple overlapping compliance regimes at once over the next 12 months and increase the efficiency of their plan rehearsals.

Download the Telstra Security Report 2018 here.

Find out more

Related News

Boxes on conveyer belt
Create transformative innovation
Create transformative innovation
IoT in focus: Transforming the supply chain

The Internet of Things (IoT) is powering a major digital transformation in supply chain management that's set to touch every part of the chain from floor to store and beyond. ...

Woman on her phone in an office setting
Liberate your workforce
Liberate your workforce
Making the switch to an IP-based telephony service

As traditional ISDN and PTN phone lines are decommissioned with the rollout of the National Broadband Network, Australian businesses need to find the right IP-based telephony s...

People standing around a workspace using a laptop
Optimise your IT
Optimise your IT
Fast, resilient and virtual: Our network for tomorrow

To meet Australia’s increasing demands for data, speed and network resiliency, Telstra is reimagining our network with software, virtualisation and 5G. The last decade has see...

tennis stadium
Reach global markets
Reach global markets
Over-the-top content with WTA and Perform Group

Across the world, sports fans are demanding higher quality video, with less delay and more features than ever before. We explore how the convergence of IP and traditional broad...