I was delighted to host our monthly Security Lunch and learn event this week, at Cisco’s beautiful office in North Sydney. Our guests and presenters shared their experiences, and together we explored the fascinating and often terrifying world of Cyber security. I’d like to share some of the insights I took from the day. Contact me here if you’d like to explore any of these further.
- Cyber criminals are targeting SME’s
More so now than ever before, SME’s are at risk. Cyber criminals assume (often correctly) that SME’s are not as security savvy as larger organisations. Anti-Virus and Firewalls are no longer enough to protect businesses. With the introduction of AI and Machine Learning, the rate at which the threats are changing makes them impossible to defend without a sophisticated security posture.
- NDB is still largely misunderstood
The Privacy legislation implemented in February 2018 is still unclear with many believing they are exempt, or not completely understanding their culpability regarding their customers’ businesses.
In fact, under the Privacy Act 1988, the NDB scheme applies to all businesses and not-for-profit organisations with an annual turnover of $3 million or more, as well as:
- Some small business operators, including:
- All private sector health service providers
- Those that trade in personal information
- Tax File Number recipients (if annual turnover is below $3 million, the NDB scheme will apply only in relation to TFN information)
With the amount of attacks occurring daily on the rise, it’s important to understand the legislation, and plan for the inevitability of being breached.
- Products are not enough
A strong security posture means ensuring the 3 P’s are all in place. Products, people and process are all crucial in the defence against cyber threats. Without the right products in place, IT professionals cannot be expected to identify and keep track of all cloud enabled products on their network. From Fitbits to fridges, the introduction of cloud enabled devices has complicated risk mitigation strategies. Without training, employees cannot be expected to understand and accept the restrictions put in place for their safety, and processes must be implemented throughout the entire organisation. When all 3 P’s are correctly implemented, layers of security are established. Seemingly innocent USB keys picked up at trade shows can be thwarted by end point security on the laptop, or a properly trained employee could avoid it altogether.
- The average customer takes 100 – 200 days to realise they have been breached
Incredibly, attacks can occur without businesses realising, and remain dormant – watching and learning. Often these threats enter at one point (usually e-mail) and quickly propagate, infecting other areas. Without the proper visibility, it can be near impossible to detect.
- There are small but significant changes that can be made today
The ASD Essential 8, published by the Australian Cyber Security Centre (ACSC), is a list of security initiatives, some of which, can be implemented into existing environments at little or no extra cost
There are so many security vendors in the market, and threats are constantly evolving –making it near impossible to know definitively what the right fit is.. But the news is not all bad.
The Cisco Security stack includes a comprehensive portfolio of products to prevent, detect and respond to threats. Cisco is the largest security vendor in the market and any Cisco security product purchased is backed by Cisco Talos: the largest non-government threat intelligence organization on the planet. Analyzing 1.5 million unique malware samples daily and blocking 20 billion threats daily. That’s more than 20 times any other vendor.
CustomTec is one of a handful of partners with Cisco Advanced Security Specialisation.
We offer consulting services, end user education and Cisco Security solutions as a ‘per user’ service, which is a real advantage for our clients. Contact us here to hear more about Cyber Security and protecting your business.