Secure your business

Better prepared: Effective security planning

Highlights
  • Businesses are implementing a range of complementary security preparedness programs, not just relying on one or two.
  • Regular security audits are the most common security preparation programme in Australia at 38%, followed by risk assessments and compliance tests.
  • 65% of Australian security professionals estimate their organisation responded to less than 40% of security incidents in the past year. 

Effective security preparation doesn’t just help you manage risks – it empowers you to respond more effectively when they surface.

In the last several years, security has shifted from being considered a value-added capability to a critical element that needs to be integrated and hardwired into every ICT project from the outset. Addressing security at a later stage dramatically increases the chance of project postponement or even failure. 

Head of Security Services at Telstra BTS, Stuart Low, shares his thoughts on the state of Australian security preparation.

Find out more about how we can test the effectiveness of your security preparations with our Cyber Security Health Check.

As part of our Telstra Security Report 2018, over 1250 security professionals told us that they were implementing a range of complementary preparedness programs within their business.

The priorities of organisations in Asia and Europe are very similar to those in Australia, with security audits the highest ranked priority by almost 40% of respondents. This was closely followed by activities such as risk assessments and awareness programs.

Are you prepared?

The first step to effective preparation is knowing what you have to protect, understanding the value of these assets, and putting in place the architecture – both organisational and technical – and controls to ensure they stay safe. A framework like the Five Knows of Cyber Security can assist you in working through the right architecture for your business.

Coupled with your protective architecture, you need to have a detect architecture that allows you to quickly identify threats. This program is focused on monitoring what happens throughout your organisation and promoting visibility.

The final step is your incident response plan – which is fundamentally a matter of knowing who has to do what, and when, in the event of any kind of security breach. Regular rehearsal is the key to an effective response plan, which relies on staff having a clear idea of their role and responsibilities in the event of a breach. Effective desk rehearsals also promote your staff’s ability to cope with the unexpected and think on the fly.

Around the world, new privacy legislation, such as the Notifiable Data Breaches amendment to the 1988 Privacy Act and the European Union’s General Data Protection Regulation (GDPR), is requiring organisations to rethink their governance, risk management and compliance architecture.

The GDPR, in particular, requires organisations dealing with the personal data of EU citizens to appoint a data protection officer and maintain detailed documentation related to the protection of that data.

Effective preparedness programs

Alongside the headline-grabbing data breaches of the last few years, this wave of legislation has made security a focus throughout the C-Suite, with our report finding that compared to 2017, Australian organisations are wholeheartedly supporting a wide variety of security preparedness programmes.

Security audits remain the most common programme, with 38% of Australian respondents undertaking one at the time of the survey. This is encouraging, although while many organisations are comfortable running security audits, which provide a snapshot of a given point in time, few have moved towards adopting a continuous compliance program which equips them to react to their changing business and security environment.

Between the proliferation of connected devices and increasing end-user confidence in adopting unapproved software and applications, it’s more important than ever before to put in place a sustainable workflow for keeping your device and software inventories up-to-date and accurate.

This can be particularly important for Internet of Things devices, which can be difficult to gain visibility over and become a prime threat vector if left unpatched.

Security audits were followed by risk assessments and cyber security awareness programs (36%), a clear response to the increased prevalence of socially deceptive attacks in Australia, such as Business Email Compromise.

Anticipating the unexpected

In our 2018 report, 76% of Australian businesses estimated that the number of breaches which had gone undetected in their organisation had increased to 55%. A key driver of this problem is reacting to unfamiliar threats, due to the difficulty of sourcing and maintaining up-to-date security skills in today’s rapidly changing landscape.

One way of preparing your organisation for the unexpected is by bringing in outside sources to act as a red team. Internal teams often fall back on rehearsal scenarios that deal with issues already on their radar and naturally find it difficult to consider as-yet-unknown threat vectors.

This is where Telstra can help to try and uncover any weaknesses in an organisation’s security preparations and identify ways these can be improved going forward.

It’s important to check for weaknesses across the entire organisation, not just evaluate the preparedness of the security team.

We can, for example, test for awareness and resilience in the face of Australia’s most common threat – email compromise. Mock phishing emails, which use techniques similar to actual phishing scams, are benign messages crafted to appear as though they come from a trusted source and to entice staff to click through. Over time, statistics from this testing can reveal patterns of awareness throughout the organisation and indicate if and when further training is required.

Our team of over 500 experts is able to help with security expertise across numerous disciplines, including security audits, governance and risk compliance across many standards. Being able to test and measure preparedness is just one way we’re able to assist organisations to stay secure.
