Op-Ed: Resilience starts with vigilance – creating an iron-clad cyber security strategy

You try new technology, venture into new markets, reinvent business models, hire fresh talent, and form new partnerships. Each of these changes comes with unknown cyber security risks, yet taking action to find out and mitigate those risks has often not been a priority.

But the focus is starting to shift. Cyber attacks on Australia’s most well-known brands last year shook up the nation, with leaders realising they cannot sit and wait for the next attack to happen; instead, they need to take steps to build a cyber resilient organisation, one that can withstand, recover, and grow even stronger in the face of cyber threats.

The urgency to take action is being felt even more strongly this year. The potential for cyber criminals to exploit artificial intelligence (AI) advancements has never been greater. They’re already using AI to create incredibly convincing phishing emails and advanced malware that’s harder to detect than ever.

These breakthroughs have reinforced the need to prioritise cyber resilience. This means having a plan in place that integrates people, processes, and technology to create an iron-clad cyber security posture.

What does it mean to be cyber vigilant?

Being cyber vigilant means maintaining an active and alert stance towards cyber security threats, constantly monitoring for potential vulnerabilities, and being ready to respond quickly and effectively when a threat is detected. This requires a comprehensive, proactive approach to cyber security that often involves several key elements.

The first is threat intelligence. Keeping a constant tab on the evolving cyber security landscape is crucial for every organisation. Gathering and analysing intel about potential threats, vulnerabilities, and techniques used by cyber criminals will give your organisation the upper hand when it comes to proactively defending against attempted attacks. It’s worthwhile joining forces with law enforcement, cyber security companies, and other like-minded firms for access to a wider pool of knowledge.

In addition to keeping your finger on the threat pulse, having robust defence mechanisms in place is critical. This includes establishing 24/7 monitoring of your networks, systems, and devices, using advanced tools and technologies like intrusion detection systems (IDS), intrusion prevention systems (IPS), and security information and event management (SIEM) systems. When unusual activity is detected, it can be quickly analysed and removed.

VIEW ALL

It’s important to function on a “no chances taken” protocol. With additional endpoint protection services and systems like firewalls, antivirus software, data encryption, and multifactor authentication, you can prevent sensitive information from reaching the wrong hands.

But even with these measures in place, there is always the possibility of a breach. So, what happens when an intrusion does occur? This is where a well-thought-out incident response and disaster recovery plan comes in. From mitigating damage to recovering operations with minimal disruption and learning from past incidents, all the steps of the process should be clearly defined and delegated. Regular testing and updating of the plan is just as important as having one in the first place to ensure it’s relevant.

Another characteristic of a cyber resilient organisation is a cyber savvy workforce, with employees who know their role in keeping their organisation secure. Staff are regularly trained to recognise phishing attempts, cyber threats, and social engineering, keeping them abreast of best practices in handling sensitive data. Plus, simulation exercises can keep teams on their toes and help you understand how well-prepared they really are for an attempted attack.

Cyber vigilance starts with a deep dive into your IT estate

The first step to cultivating cyber resilience is conducting a cyber security risk assessment. Without a thorough assessment, you won’t know where your weaknesses lie. Unfortunately, for many organisations, a cyber security risk assessment is a one-and-done deal or, at best, a once-in-a-while undertaking.

But best practice dictates that these assessments be performed regularly – at least once a year, and more often if your organisation is large, data-sensitive, technology-dependent, or has gone through a significant change. Cyber threats are relentless and constantly changing, which means your risks and security controls will need regular reassessment.

Starting with the right mindset

So, what does the cyber security risk assessment process involve?

There are a few things to keep in mind before you start the process. First of all, remember to involve all relevant stakeholders in the process, including representatives from IT, business units, legal, HR, and executive management. Everyone has a stake in this.

It’s also important that your assessment is objective and data-driven. Avoid the temptation to rely on gut feelings or assumptions.

Additionally, use a recognised cyber security framework to guide the process. There are several excellent frameworks available, including the NIST Cybersecurity Framework, ISO 27001, and CIS Controls.

The cyber security risk assessment – from start to finish

The first step in a risk assessment is identifying all the assets that can be targeted by malicious actors – that’s your hardware, software, data, and even employees. It’s essential to have a detailed inventory of all assets, including information on where they are located, who has access to them, and what level of risk they represent.

Next, you need to identify potential threats and vulnerabilities. This could include everything from malware and phishing attacks to physical theft or social engineering. Make sure to consider all types of threats, not just external ones. Internal threats (both malicious and accidental) can be just as dangerous. Methods like vulnerability scanning and penetration testing play a key role in proactively identifying and mitigating potential threats.

After the threats have been identified, you have to assess the impact of each, including everything from financial losses and reputational damage to legal liability or regulatory fines. By understanding the potential impact of a cyber attack, you can prioritise your cyber security investments on the most significant risks first.

Then, you have to assess the likelihood of a cyber attack occurring. This could include evaluating the effectiveness of existing security controls and identifying potential weaknesses that could be exploited by cyber criminals, as well as considering the capabilities and motivations of potential attackers.

Your next step is to prioritise risks. This involves identifying which threats are the most significant and require the most immediate attention, so you can allocate your resources more effectively.

Finally, a cyber security risk assessment should include a comprehensive report that communicates the findings clearly to all stakeholders. It also needs to include a robust risk mitigation strategy detailing the steps that can be taken to avoid the most significant risks, such as implementing additional security controls, improving security awareness training, or updating security policies and procedures.

A cyber security risk assessment is not an easy undertaking, but it doesn’t need to take up all your team’s time and energy. Third-party partners like Orro can help with the process and provide an outside perspective.

Growing from the threats of yesterday

Cyber resilience is a never-ending journey of vigilance. By continually learning and growing from past incidents and by being open to new strategies and adapting them as needed, you can create a truly cyber resilient organisation that’s ready for anything.

Michael Van Rooyen is the chief technical officer at Orro.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.