Better prepared: Effective security planning

Highlights
  • Businesses are implementing a range of complementary security preparedness programs, not just relying on one or two.
  • Regular security audits are the most common security preparation programme in Australia at 38%, followed by risk assessments and compliance tests.
  • 65% of Australian security professionals estimate their organisation responded to less than 40% of security incidents in the past year. 

Effective security preparation doesn’t just help you manage risks – it empowers you to respond more effectively when they surface.

In the last several years, security has shifted from being considered a value-added capability to a critical element that needs to be integrated and hardwired into every ICT project from the outset. Addressing security at a later stage dramatically increases the chance of project postponement or even failure. 

Head of Security Services at Telstra BTS, Stuart Low, shares his thoughts on the state of Australian security preparation.

Find out more about how we can test the effectiveness of your security preparations with our Cyber Security Health Check.

As part of our Telstra Security Report 2018, over 1250 security professionals told us that they were implementing a range of complementary preparedness programs within their business.

The priorities of organisations in Asia and Europe are very similar to those in Australia, with security audits the highest ranked priority by almost 40% of respondents. This was closely followed by activities such as risk assessments and awareness programs.

Are you prepared?

The first step to effective preparation is knowing what you have to protect, understanding the value of these assets, and putting in place the architecture – both organisational and technical – and controls to ensure they stay safe. A framework like the Five Knows of Cyber Security can assist you in working through the right architecture for your business.

Coupled with your protective architecture, you need to have a detect architecture that allows you to quickly identify threats. This program is focused on monitoring what happens throughout your organisation and promoting visibility.

The final step is your incident response plan, which is fundamentally a matter of knowing who has to do what, and when, in the event of any kind of security breach. Regular rehearsal is the key to an effective response plan, which relies on staff having a clear idea of their role and responsibilities in the event of a breach. Effective desk rehearsals also promote your staff’s ability to cope with the unexpected and think on the fly.

Around the world, new privacy legislation, such as the Notifiable Data Breaches amendment to the 1988 Privacy Act and the European Union’s General Data Protection Regulation (GDPR), is requiring organisations to rethink their governance, risk management and compliance architecture.

The GDPR, in particular, requires organisations dealing with the personal data of EU citizens to appoint a data protection officer and maintain detailed documentation related to the protection of that data.

Effective preparedness programs

Alongside the headline-grabbing data breaches of the last few years, this wave of legislation has made security a focus throughout the C-Suite, with our report finding that compared to 2017, Australian organisations are wholeheartedly supporting a wide variety of security preparedness programmes.

Security audits remain the most common programmes, with 38% of Australian respondents undertaking one at the time of the survey. This is encouraging. However, while many organisations are comfortable running security audits, which provide a snapshot of a given point in time, few have moved towards adopting a continuous compliance program that equips them to react to their changing business and security environment.

Between the proliferation of connected devices and increasing end-user confidence in adopting unapproved software and applications, it’s more important than ever before to put in place a sustainable workflow for keeping your device and software inventories up-to-date and accurate.

This can be particularly important for Internet of Things devices, which can be difficult to gain visibility over and become a prime threat vector if left unpatched.

Security audits were followed by risk assessments and cyber security awareness programs (36%), a clear response to the increased prevalence of socially deceptive attacks in Australia, such as Business Email Compromise.

Anticipating the unexpected

In our 2018 report, 76% of Australian businesses estimated that the number of breaches which had gone undetected in their organisation had increased to 55%. A key driver of this problem is reacting to unfamiliar threats, due to the difficulty of sourcing and maintaining up-to-date security skills in today’s rapidly changing landscape.

One way of preparing your organisation for the unexpected is by bringing in outside sources to act as a red team. Internal teams often fall back on rehearsal scenarios that deal with issues already on their radar and naturally find it difficult to consider as-yet-unknown threat vectors.

This is where Telstra can help to try and uncover any weaknesses in an organisation’s security preparations and identify ways these can be improved going forward.

It’s important to check for weaknesses across the entire organisation, not just evaluate the preparedness of the security team.

We can, for example, test for awareness and resilience in the face of Australia’s most common threat – email compromise. Mock phishing emails, which use techniques similar to actual phishing scams, are benign messages crafted to appear as though they come from a trusted source and to entice staff to click through. Over time, statistics from this testing can reveal patterns of awareness throughout the organisation and indicate if and when further training is required.

Our team of over 500 experts is able to help with security expertise across numerous disciplines, including security audits, governance and risk compliance across many standards. Being able to test and measure preparedness is just one way we’re able to assist organisations to stay secure.
