Tips for maximising value from cyber security investment
It’s Cyber Security Awareness Month and, like many teams in the technology space, GWI is giving thought to what cyber security means to us, and to our customers.
As many experts in the field will attest, there are known threats and attacks that have been constant over the last couple of decades. These include malware, phishing, password attacks and denial of service attacks, all of which have been well recognised by the cyber security industry. There are also many well-established frameworks and tools to minimise and address the risk and severity of such threats.
Evolving cyber security threats
The digital realm is ever-evolving, and so are the threats that emerge. New areas are developing, such as AI-assisted attacks, attacks on internet of things (IoT) devices and the ever-present threat of zero-day vulnerabilities in any system.
In late 2023, the Federal Government released the Australian Cyber Security Strategy, which charts a path that the Government believes will guide both private and public sectors through the rest of the decade in the security space.
As with many things, there is no one-size-fits-all approach when it comes to cyber security. Every team’s threat model is different and needs a tailored plan. That’s why the Government’s strategy, as well as State-based strategies, highlights the need for cyber security plans to be in place for all teams in Australia, big or small.
There also needs to be recognition, however, that there is a cost involved in the identification of, protection against and response to cyber threats. Small and medium businesses may struggle to justify the use of funds that may seemingly be better used on growth activities or community initiatives. Identifying the biggest bang for your buck is critical to balancing the risk of cyber threats while ensuring that the cost doesn’t become too much of a burden on the organisation.
Our tips
GWI recommends prioritising the following:
- Identification of threats: doing threat and vulnerability assessments to uncover where the organisation should commit resources.
- Strategy and planning: creating a cyber security plan, a management plan for cyber incidents and a plan for communications both within the organisation and publicly.
- Controls and management: implementation of standard controls or fit-for-purpose security management platforms that manage areas such as patching, authentication, privilege management and backups.
- Be prepared: develop an incident response plan defining the roles and responsibilities and the pragmatic actions to be undertaken should the worst-case scenario occur.
- Review and refresh: organisations must stay on top of emerging threats and refresh their plans regularly.
Cyber security is a continuous battle
New cyber threats will continue to emerge, demanding constant vigilance. For small to medium-sized businesses, staying ahead can be challenging, but by prioritising key areas of risk, they can significantly reduce the vulnerabilities associated with digital technologies. If you would like to discuss any of these items and how GWI might be able to assist your organisation in finding the right strategy to reduce cyber risks, please reach out.