A stitch in time: The evolving world of security preparation

Awareness of the importance of security has never been higher – but many organisations are finding it challenging to translate awareness into preparedness.

Better prepared: Effective security planning

Head of Security Services at Telstra BTS, Stuart Low, shares his thoughts on the state of Australian security preparation.

Find out more about how we can test the effectiveness of your security preparations with our Cyber Security Health Check.

Research for the Telstra Security Report 2018 found that Australian businesses, driven by new legislation, headline-grabbing data breaches and explosive malware attacks including NotPetya and WannaCry, are undertaking more security preparation programs than ever before.

In previous years, we found that most Australian organisations were undertaking regular security auditing, but put less emphasis on other forms of preparation, such as creating data inventories, running internal risk assessments and security drills. This year, however, our survey of more than 1,250 security professionals revealed that Australian businesses are no longer conducting security audits alone – most are implementing a much broader array of preparation programs.

This isn’t just because they’re concerned about business interruption or data breaches, however. Organisations are increasingly aware that projects without security built in from the outset have a much higher chance of not running to schedule or even being discontinued altogether. 

The security landscape is becoming more complex with legislation like the Notifiable Data Breaches scheme, the rise of convergence and new, more targeted threats. Increasingly, if you don’t take the time to get security right from the start, you might not be able to address it effectively further down the track.

As in previous years, the Telstra Security Report 2018 found that security audits remain the most common cyber security preparedness program undertaken by Australian businesses, with 38% of respondents undertaking an audit in the past year.

“While the report proves the enduring importance of security audits, as everyone knows, they only provide you with a point in time of your security posture,” says Stuart Low, Head of Security in the Business Technology Services team at Telstra. 

“The problem is that organisations are continually changing, they are taking on new services, so you have to have a programme in place to be able to analyse those services that you're taking on. A continuous programme will help to underpin that.” 

Alongside changing environments, the report found that keeping a plan up to date with today’s rapidly changing security environment is a top challenge for security professionals – with 67% of Australian businesses estimating that as many as 55% of their breaches go undetected.

Companies which conduct regular drills, rehearse their incident response plan and invest in red teaming to test their preparations perform better on average against new threats.

“We find that red teaming helps businesses to expect the unexpected and go through a number of scenarios,” Low says. “The red team can produce the unexpected and then see how an organisation can actually respond to that.”

In addition to highlighting previously unforeseen attack vectors, red teaming can also be an effective way to gauge the preparedness of the overall company – particularly against Business Email Compromise, the most common attack experienced by Australian businesses last year.

“We're able to set up phishing schemes, where we craft emails to impersonate a trusted source and then we're able to provide statistics to an organisation ongoing of how many people have clicked through, and what the uptake is,” says Low. “Over time, you can then start to see a pattern of how awareness training is helping your organisation.”

While improving their preparedness, it will also be important for organisations to identify opportunities to address multiple overlapping compliance regimes at once over the next 12 months and increase the efficiency of their plan rehearsals.

Download the Telstra Security Report 2018 here.
