Secure your business

Data security demands a comprehensive approach

Highlights
  • Safeguarding company data requires a holistic approach that addresses cyber security, personnel and physical access vulnerabilities.
  • Invest in mutual interoperability between cyber and electronic security to extract the most value from data.
  • Customer data requires particular care, especially once mandatory breach reporting comes into force.

As Australia’s new data-breach disclosure law comes into effect, it’s high time to consider a comprehensive data-security solution.

Data and intellectual property theft have been thrust into the public spotlight this year, with high-profile cases such as the repeated targeting of US television network HBO, which resulted in leaked episodes of the smash-hit series Game of Thrones and various internal documents as well as unauthorised access to the brand’s social media accounts.

These compromises involved a variety of attack vectors, including malware exploits, spear phishing, and physical access used to remove data on hard drives. Cases such as these demonstrate the necessity for a comprehensive approach to data security that aligns cyber security, logical security and electronic security to achieve total situational awareness.

Cyber vulnerabilities: Ransomware

In the Asia-Pacific region, ransomware has become the most common form of malware deployed against private organisations, from small businesses with no cyber security infrastructure to international enterprises, the compromise of which costs millions of dollars in lost business and reputational damage.

With 24 per cent of Australian businesses experiencing a ransomware incident on at least a monthly basis in 2016, according to the Telstra Cyber Security Report 2017, prevention and response strategies are vital.

As ransomware has a very short shelf-life, the General Manager of Managed Security Services at Telstra, Thomas King, says rapid innovation is required to stay safe.

“Telstra’s Managed security services are about rapid development and rapid innovation,” King says. “We run a sprint every two weeks to incorporate new features, functions and bug fixes into the product. As rapidly as the opposition is enhancing their offence, our security services are evolving just as rapidly.”

Workforce vulnerabilities: Spear phishing

As the details of our lives become increasingly public online, cyber criminals are becoming more and more adept at personalising phishing messages to blend in with legitimate traffic. A far cry from the implausibly phrased emails that populate spam boxes across the world, spear phishing utilises the names, professions, images and even email addresses of a target’s friends, family and colleagues with the aim of duping people into opening an infected attachment or clicking a link.

Promoting awareness, education and best practice across an organisation is a vital step in preventing these attacks. Each and every employee across an organisation needs to take responsibility for its security, King says, and they need to understand how to limit any damage resulting from compromised systems.

“It’s important to recognise that everyone in an organisation represents a unique attack vector and can be the weak link in terms of cyber security,” he says.

“To stay safe, you need multi-layer defence and controls which encompass technology, people and processes, while balancing your risk and ensuring you can accomplish your business objectives.”

Access vulnerabilities: Physical compromise

Robust cyber security measures unfortunately cannot stop an unauthorised intruder simply walking out of an office, data in hand. Electronic (physical) security is equally necessary to ensure customer data remains secure and intellectual property doesn’t fall into the wrong hands.

Traditional electronic security measures, such as keycard readers and retina scanners, can also be aligned with digital systems including permissions structures, geographic data analysis, access logs and encryption to automatically identify potentially problematic users and downgrade their access.

However, you don’t need to overhaul your org chart to align these two complementary fields. Rather, it’s important to ensure key stakeholders across your organisation develop a shared vision of what a converged cyber and electronic environment would look like, and work backwards from that vision to discover the steps required to achieve this goal.

Customer data obligations

In 2016, the average data breach in Australia cost the compromised company $2.51 million and involved more than 18,000 breached records, according to independent researcher the Ponemon Institute’s 2017 Cost of Data Breach Study.

The costs associated with customer data compromise are likely to climb even higher due to the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017, which requires that all organisations subject to the Privacy Act 1988 notify potentially affected individuals in case of an “eligible data breach”, in which the breach exposes users to “serious harm”.

Failing to issue a notification carries a maximum penalty of $2.1 million for organisations, along with significant implications for their corporate reputation.

After instituting a comprehensive security plan that minimises the chances of data compromise in the first place, organisations should implement a robust data-breach response plan that includes a pre-drafted customer notification, distinctly delegated responsibilities and designated channels of communication.

With these in place, an organisation is well-situated to minimise the damage to its customers, reputation and bottom line effectively in the event of a data breach.

As everything becomes more connected so too must security management. Download the Converging Electronic and Cyber Security white paper.
