Protecting your business’s data and network integrity has become more critical than ever as the scale and intensity of foreign and domestic cyber-attacks continue to grow.
In Australia, high-profile attacks on Optus and Medibank not only compromised the data of thousands and thousands of customers, they also brought home just how vulnerable companies of this size are and how vital robust, but state-of-the-art security measures are also for protection.
The changing nature of cyber security
The attacks that crippled Optus and Medibank have provided a wake-up call to local businesses and they are slowly but surely learning to appreciate the scale of the threat posed. Cyber security has gone from being a spending priority among CIOs to becoming a top-tier business topic amongst every line of business, Trend Micro ANZ Vice President Ashley Watkins says.
Far from being the sole domain of the IT department, cyber security is actively discussed at board level and there’s an expectation now that all C-suite executives, or anyone with people under them for that matter, understand its importance and the impact that an attack could have on the entire business, he adds.
If you’re the chief marketing officer, for example, you would be expected to have a good understanding of your organisation’s security measures and objectives given the sheer amount of sensitive data circulating around the business daily on external and internal networks, something which was definitely not the case in the past.
We’re committed to reducing our customers’ risk. This includes accounting for regional data residency and investing in data centres where our customers are, aligning the physical with the digital.
Much of this is due to the levels of reliance enterprises now place on technology and the smooth running of their networks, both external and internal. “Technology can be your best friend or your worst enemy, and failure to address security issues can mean huge damage to your brand and considerable distress to your customers and staff,” Watkins says.
Cyber resilience more important than ever
In an increasingly interconnected world where over 75 per cent of Australian businesses leverage cloud technology to maximise commercial advantages, security and cyber resilience have become essential business building blocks.
“Board members are becoming increasingly educated in the language of cyber resilience and the potential threats to organisations, and are more readily able to ask risk and audit committees the relevant questions. This reflects an active understanding of the cyber threat landscape and the planning and testing of response scenarios,” the Australian Securities and Investments Commission (ASIC) said in guidelines released in October for cyber risk management and threat assessment.
As enterprises gain a greater awareness of the risks there has also been an accompanying shift to cyber resilience, involving a more proactive and holistic approach across all on-site and cloud-based digital assets.
While cyber security provides tools such as anti-virus protection and the protocols to stop many attacks at their source of origin, cyber resilience allows organisations to examine their internal behaviour and plan accordingly.
Additionally, cyber resilience is now viewed by the board as a critical management tool for understanding risk status and making investment decisions accordingly. It is also viewed as a way of ‘enabling’, not limiting the organisation, by anticipating worst-case scenarios and building the appropriate protection against them, ASIC says. In other words, cyber resilience is a business-continuity plan that leverages all the tools an organisation has at its disposal to mitigate threats.
Trend Micro offers a holistic solution
Cyber risk management is increasingly becoming intelligence-led, incorporating near real-time processes through automation that can integrate many sources of risk, including those from collaboration and information-sharing sources, ASIC says. This also means adopting a position of zero trust which means putting in place dedicated practices both external and internal for access to vital networked information and content.
Historically, a business may have had some measures in place to restrict network access but there were just too many points of entry and exit. The focus has now switched to what people internally are collecting and sharing and the security ramifications of this behaviour. Under these circumstances, cyber resilience will involve things such as behavioural monitoring tools that can check, for example, if a member of staff is behaving out of the ordinary in what they’re downloading and sharing.
Moreover, as outsourcing and cloud-based services become more prevalent, enterprises are increasingly turning to third-party managed service providers for end-to-end security solutions. These solutions, such as the ones offered by Trend Micro, offer everything from product management to alerts, risk indexing reports and board presentations.
“We as vendors are starting to do all the heavy lifting for organisations thanks to the high levels of expertise we bring to the market,” Watkins says. Trend Micro recently launched Trend Micro One, a unified cyber security platform solution that works across physical and cloud architectures, as well as its local data centre to address all complex cyber security needs.
Trend Micro One provides real-time actionable insights and managed solutions across your enterprise-wide network, regardless of location, as well as a continuous lifecycle of risk and threat assessment including attack surface discovery, 24/7, 365-day managed detection, response, and support.
Importantly, by analysing your organisation’s current levels of cyber resilience, Trend Micro One can identify the gaps and what needs to be immediately plugged. This means providing visibility across all threat vectors and regular incident response reports and plans.
Trend Micro One was launched earlier this year with a number of major ecosystem technology partners including Google Cloud, Microsoft, Palo Alto Networks and Slack, giving partner customers connected visibility, heightened detection and response capabilities and comprehensive protection across layers of their networks.
“Businesses are constantly coming to us as a market leader asking for an end-to-end managed solution. At Trend Micro, we have built a unified cyber security platform hosted in Australia that can address the most complex needs while simultaneously providing real-time actionable insights and solutions,” Watkins adds.