Creating more resilient cybersecurity cultures

Written by Mick McCluney, Technical Director, ANZ, Trend Micro.

As the pandemic accelerated IT infrastructure transformation for organisations across Australia and the world, it also meant that the digital attack surface expanded at a faster pace, with greater opportunity for potential vulnerabilities in corporate networks. Now, contending with geographically scattered workers and a hybrid work environment as the new normal, cybersecurity teams must focus on creating a strong and resilient security culture that allows them to detect and track vulnerabilities, align processes with people and create recovery plans to minimise the impact from potential attacks.

Understanding your cyber risk profile:

For IT security teams to effectively reduce their attack surface, the first key step is to have full visibility of their IT estate. Only then can the risk exposure be accurately calculated and steps taken to secure the attack surface. Yet, the fact that the IT environment is in flux makes having complete visibility particularly challenging.

In the past two years, there has been an explosion in the number of geographically dispersed endpoints and an increase in shadow IT, the latter of which is a significant issue in itself when creating a strong security culture. In EY’s 2021 Global Information Security Survey, fifty-six percent of CISOs said their teams were consulted late or not at all when company leaders made time-sensitive strategic decisions. More than a quarter said that, at least to some extent, the speed of technology rollouts prevented suitable cybersecurity involvement.

Another hindrance is that organisations often either lack the right tools to gain visibility or have too many tools, which creates disparate and disconnected processes for gathering information and assessing risks. Having the right resources is critical to getting the right information at the right time to detect, analyse and act. A unified cybersecurity platform can streamline these processes and enable visibility, resulting in enhanced risk management.

Building a cybersecurity culture so that protecting the company is everyone’s job:

A strong cybersecurity culture means having every player understand their role in assuring security. To cultivate this culture, establishing practices of good security hygiene, with the help of widespread training and education, is essential. Cyber training should be tailored to each stakeholder: for example, board members, executives and senior management should focus on data protection, regulatory compliance and risk management, while for staff the focus should be awareness training on potential threats, such as those associated with public Wi-Fi.

However, despite cyber awareness training, human error is unavoidable. This is why the ‘zero trust’ approach to cybersecurity has been top of mind for IT teams in recent years. Zero trust is a cybersecurity model in which people are granted privileges in an IT environment only once they are verified. It isn’t reliant on specific technology to work, but combining it with an extended detection and response (XDR) capability can enhance its effectiveness. The elements that make XDR important for zero trust are strong endpoint control and organisation-wide data collection and correlation from across the IT infrastructure.

Having a response plan in place:

Recent cyberattacks have underscored the fact that it is no longer a matter of ‘if’ an attack will happen but rather ‘when’. A strong cybersecurity strategy not only requires taking preventive measures but also preparing for an attack by creating an adequate response plan. The goal of a response plan should be to constrain the impact of a successful attack as much as possible, spell out the recovery steps involved and identify how to analyse what caused the breach so that security systems can be fine-tuned to resist similar attacks in future. Formalising a response plan is also critical to operating in a decentralised environment with multiple locations. The plan then acts as a playbook to which IT teams can refer to bring consistency to how incidents are addressed, and it provides a feedback loop that benefits the organisation as a whole.

Cybersecurity is a journey that requires organisations to continuously assess their IT estate, conduct regular security hygiene practices and equip their IT teams with the right tools and processes to protect and recover. Ultimately, all these steps need to combine to create a robust and resilient security culture that allows the smooth running of the business.