Here are five areas of cyber security to keep your eyes on in the year ahead:
Compartmentalise the cloud
Having a single site of complete, intact data is no longer necessary. “For very sensitive data, such as your customers’ personal information or credit card numbers, it makes sense to encrypt and disperse it across multiple locations,” says Neil Campbell, global security services director at Telstra. When using multiple storage sites via the cloud, information can be saved in many separate components, meaning a breach would only compromise a fraction of your resources and a partial address or credit card number is of no value to an attacker.
Audit data in-transit
Ensuring the integrity of your data as it runs from A to B can be a concern. One solution is blockchain, a peer-to-peer method of transmitting information that can be implemented into your workflow. Each piece of data distributed via blockchain carries its full history of movements and changes; when all the pieces are reunited these audit trails can be compared, revealing any attempted tampering.
Detect unknown unknowns
“If you notice that something is a little bit untoward in your network, go and look at it straight away,” says Telstra’s principal security expert, Katherine Robins. “Having the unknown unknown is a big problem because you don’t know how long they’ve been running in your network before they get detected.” Robins says the solution lies in machine learning behavioural analytics – teaching software to recognise strange behaviour in network environments.
“Handled properly you can suffer a major breach and it goes away in a couple of days. Handled improperly, you are that one brand name that says cyber attack, right?"- Richard Metcalfe, ANZ country manager, FireEye
Plan for “when”
While you can’t stop every attack, being able to identify an attack quickly and mitigate damage can preserve clients’ confidence in your brand – and protect your bottom line. Richard Metcalfe, ANZ country manager for cyber security firm FireEye, sums up the importance of a planned incident response: “Handled properly, an organisation can suffer a significant breach and it’s forgotten by the public quickly,” he says. “Handled improperly, we have seen brands becomes synonymous with a breach.”
Lead the charge
As cyber attacks influence client confidence, so should they influence leaders’ priorities. Though past pushes for security came from the implementers, today’s chief executives are realising the need for comprehensive cyber security frameworks. Metcalfe says the questions executives should be asking are: “What’s our risk? How can we mitigate that risk with the resources we have or do we need additional resources to make that happen?”