How to be cyber secure A practical guide for Australia s mid-size business

Similar documents
CYBER INSURANCE: MANAGING THE RISK

CYBER RESILIENCE & INCIDENT RESPONSE

Are we breached? Deloitte's Cyber Threat Hunting

Emerging Technologies The risks they pose to your organisations

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

CYBERSECURITY AND THE MIDDLE MARKET

The hidden cost of smart buildings

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Strategy

Cybersecurity, safety and resilience - Airline perspective

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

Cybersecurity. Securely enabling transformation and change

The hidden cost of smart buildings

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Strategic threat advisory services

Cyber Threat Landscape April 2013

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

A new approach to Cyber Security

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

BHConsulting. Your trusted cybersecurity partner

The University of Queensland

CYBER SECURITY TAILORED FOR BUSINESS SUCCESS

Building resilience. Delivering assurance.

Big data privacy in Australia

GDPR Update and ENISA guidelines

Gujarat Forensic Sciences University

CyberEdge. End-to-End Cyber Risk Management Solutions

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Sage Data Security Services Directory

CYBER SOLUTIONS & THREAT INTELLIGENCE

Promoting Global Cybersecurity

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

BHConsulting. Your trusted cybersecurity partner

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

ENISA EU Threat Landscape

Enhance Your Cyber Risk Awareness and Readiness. Singtel Business

M&A Cyber Security Due Diligence

Public Sector Cyber Security Series

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Security Awareness Training Courses

CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS. Overview of CIP in Australia

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Keys to a more secure data environment

GDPR: A QUICK OVERVIEW

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Security-as-a-Service: The Future of Security Management

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Anticipating the wider business impact of a cyber breach in the health care industry

THE POWER OF TECH-SAVVY BOARDS:

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

NEXT GENERATION SECURITY OPERATIONS CENTER

Cybersecurity and the Board of Directors

Why you should adopt the NIST Cybersecurity Framework

G7 Bar Associations and Councils

Global Information Security Survey. A life sciences perspective

MITIGATE CYBER ATTACK RISK

INTELLIGENCE DRIVEN GRC FOR SECURITY

Cyber Security: Are digital doors still open?

Cyber Security. It s not just about technology. May 2017

Angela McKay Director, Government Security Policy and Strategy Microsoft

Cyber Security. Building and assuring defence in depth

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

The NIS Directive and Cybersecurity in

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Effective Cyber Incident Response in Insurance Companies

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Express Monitoring 2019

Intelligent Building and Cybersecurity 2016

Digital Health Cyber Security Centre

Real estate predictions 2017 What changes lie ahead?

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

European Union Agency for Network and Information Security

6 CONCLUSION AND RECOMMENDATION

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Business Continuity Management Standards A Side-by-Side Comparison

Data Management and Security in the GDPR Era

Caribbean Cyber Security: Not Only Government s Responsibility

Governance Ideas Exchange

External Supplier Control Obligations. Cyber Security

Incident Response Services

SECURITY SERVICES SECURITY

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

Governing cyber security risk: It s time to take it seriously Seven principles for Boards and Investors

Transcription:

How to be cyber secure A practical guide for Australia s mid-size business

Introduction The digital age has bred opportunity for mid-size business. From ecommerce to social media, agile organisations have taken advantage of new channels to disrupt their industries and fuel rapid growth. However, technology developments have also introduced new risks. Rated a top 10 global exposure both likelihood and severitywise by the World Economic Forum, cyber risk is now a top level agenda item for boards worldwide. Cyber risk is here to stay, but not necessarily in its current form. While businesses worry about data privacy and IP theft today, they may well face different conundrums tomorrow. The internet of things is widening the scope of cyber attacks with its potential to inflict damage on infrastructure and mass production. Closer to home, the frequency of cryptolocker and ransomware attacks against Australian companies is on the rise, with a direct impact on organisations operational fitness and bottom line. While hackers are not shy about reinventing their way of working, business may not be as nimble when it comes to counteracting the threat: Grant Thornton s recent International Business Report (IBR) points out that only 52% of organisations have a cyber security strategy in place. Not all companies are created equal when it comes to cyber risk. While equally vulnerable targets for cyber crime or hacktivism, mid-size businesses are generally less equipped to deal with the consequences of attacks than their multinational counterparts. The Australian government has recently acknowledged this gap, and launched the national Cyber Security Strategy, which directly addresses the need for cyber risk advice adapted to businesses of all sizes. Grant Thornton, mid-size businesses growth advisor of choice, accompanies a broad range of organisations in identifying cyber exposures, developing effective risk management strategies, implementing the necessary measures to safeguard operations, and acting swiftly to counteract and recover from potential attacks. We understand that mid-size businesses need a pragmatic and cost-effective approach to managing cyber risk; this is why our experts provide counsel and support adapted to each company s profile, and focus on delivering results. Only 52% of organisations have a cyber security strategy in place 2 How to be cyber secure A practical guide for Australia s mid-size business

What does this mean to mid-size businesses in Australia? Cyber risk awareness is no longer enough. With Australia an increasingly attractive target for cyber crime, businesses need to act in order to prevent attacks, build resilience, and foster a culture of cyber security among their employees. Furthermore, companies trading abroad need to take into account foreign legal and compliance requirements, as well as threats specific to each market they operate in. As governments around the world act to counter cyber risk, it is well to bear in mind that the legislative landscape is varied: ranging from sophisticated in Australia, the United States and Europe, to emerging across Asia, where few mandatory requirements to report breaches exist and cyber safety standards are patchy. Mid-size businesses need robust cyber security policies in order to deal with this evolving exposure. Grant Thornton s cyber security experts have designed a practical guide to being cyber-secure for Australia s mid-size businesses. Businesses need to act in order to prevent attacks, build resilience, and foster a culture of cyber security among their employees. Matthew Green Partner, Grant Thornton Australia What is cyber risk? IP THEFT Data breach Reputational damage Hacktivism Fraud Damage to infrastructure Downtime Privacy Cryptolocker Financial loss SLA Breach Internet of Things How to be cyber secure A practical guide for Australia s mid-size business 3

What can mid-size business do about cyber risk? STEP 1: PREVENT Conduct a risk assessment The first step to preventing cyber attacks is to assess your company s exact risks: determine key assets and processes, pinpoint vulnerabilities, and identify areas of improvement. The risk assessment should focus not only on the current state of the organisation but also take into account its growth strategy, and the technological needs going forward. The goal of the risk assessment is not only to identify immediate action items, but also to provide visibility of potential exposures over the long term. In this way your organisation is supported to make well-informed decisions regarding future-state technology. While a strategic outlook allows leaders to consider cyber risk in the broader business context, a technical security assessment is a critical step to securing business operations. Grant Thornton cyber experts conduct a full cyber security assessment including: Cyber security risk and governance assessment External vulnerability assessment and penetration testing. Internal vulnerability assessment and penetration testing. Web application vulnerability assessment. Wireless networks vulnerability assessment. Security configuration assessments. Our six-step assessment methodology allows us to present businesses with a detailed report of cyber risk management, potential vulnerabilities, and make recommendations for improving cyber security. Create a robust cyber security policy The risk assessment results should be integrated into a robust, organisation-wide cyber security policy that focuses on people, processes and technology. Make smart technology choices Privacy by design is becoming increasingly embedded in IT platforms worldwide; however, companies should also pay attention to security by design. Apply strict criteria to vendor selection Compliance with cyber security norms, as well as recovery planning and support, are key criteria for IT vendor selection. Mid-size businesses seeking cost-efficiency when buying technology should not sacrifice safety. Build a cyber-secure culture Building a cyber-secure culture is perhaps the broadest area of development for businesses. From social media policies to cyber security training, companies need to create awareness and foster the right behaviours among their people. Continuously monitor your IT infrastructure and processes Once a cyber security policy is in place, continual monitoring and training is required for optimal results. Vigilance and proactivity are the best types of prevention. 4 How to be cyber secure A practical guide for Australia s mid-size business

STEP 2: REACT However, track records so far indicate that most companies will experience a cyber security incident at one point in time. What can organisations do in case of a cyber attack? Quick reaction It is important that businesses react quickly in case of a cyber incident, and follow a strict protocol in controlling damage both internally and externally. Cyber security policies should include a clear outline of measures and of resources available in case of an incident. Crisis management Critical points related to crisis management should be outlined in the cyber security strategy, along with action owners and available resources to manage the deployment of internal measures and handle external queries. Incident handling process When a cyber incident does occur, it is important to follow a step-by-step approach. When working with our clients Grant Thornton cyber experts apply the following process: 1. Identification Ascertaining the exact nature and extent of the incident is critical to managing it properly going forward. STEP 3: RECOVER Recovery plan The growing diversity of cyber incidents requires swift reaction. Robust systems and responsive technology providers, along with a good crisis management team, can make the difference in safeguarding investments and reputation, and recovering successfully. When recovering from a cyber incident, it is important to conduct further testing to make sure all systems are functioning perfectly, and to monitor operations for a period of time, like a post-surgery patient. Safeguard reputation Businesses that have experienced cyber incidents agree: reputation is one of the most sensitive areas affected by an attack, and among the most difficult to fix. Organisations must put in place brand remediation measures within the crisis management phase, and focus efforts on clear and coherent communication throughout the process. As cyber attacks increase in number and severity businesses need to build defences, implement security strategies and foster risk-aware cultures. The end goal: a cyber-resilient business focused on sustainable growth. 2. Validation and assessment The assessment phase allows us to qualify the incident in terms of gravity and potential long-term impact. 3. Preliminary report A first report is delivered, outlining the issue and proposing pragmatic solutions. 4. Containment Once a decision is made regarding the strategy, we proceed to containing the incident, and to preventing any further damage. 5. Eradication Once the immediate fire is put out, it is important to check the overall health of the system, and ensure that no further threats are present. How to be cyber secure A practical guide for Australia s mid-size business 5

Cyber security checklist STEP 1: PREVENT Conduct a cyber risk assessment Strategic considerations Technical security assessment Internal and external vulnerability assessment and penetration testing Web application, wireless network, PBS and VOIP assessment Security configuration assessment Create a robust cyber security policy Technology choices Vendor selection Cyber-secure cultures Build a resilient IT governance framework STEP 2: REACT Quick reaction Crisis management Incident handling process: Identification Validation and assessment Preliminary report Containment Eradication STEP 3: RECOVER Recovery plan and testing Safeguard reputation 6 How to be cyber secure A practical guide for Australia s mid-size business

Our services Grant Thornton Technology Advisory and Solutions supports mid-size businesses, not for profit organisations and government agencies throughout their digital transformation journeys. We effectively act as an innovation partner: we support organisations to develop, implement and review technology strategies, systems and processes aligned with their business goals. Our specialists work with clients across the globe to help them understand and respond to cyber-security threats to their organisation. As well has assessing risk and helping to improve cultures, technologies and processes, our people help organisations identify, respond to and investigate cybersecurity incidents and breaches. Grant Thornton is one of the world s leading organisations of independent assurance, tax and advisory firms. These firms help dynamic organisations unlock their potential for growth by providing meaningful, forward looking advice. Proactive teams, led by approachable partners in these firms, use insights, experience and instinct to understand complex issues for privately owned, publicly listed and public sector clients and help them to find solutions. Grant Thornton Australia has more than 1,000 people working in Adelaide, Brisbane, Cairns, the Gold Coast, Melbourne, Perth and Sydney. We combine service breadth, depth of expertise and industry insight with an approachable client first mindset and a broad commercial perspective. Contact Alex Gelman Partner & National Head of Technology Advisory & Solutions T +61 2 8297 2422 E alex.gelman@au.gt.com Robert Samuel Partner Technology Advisory & Solutions T +61 2 8297 2429 E robert.samuel@au.gt.com Matthew Green Partner Technology Advisory & Solutions T +61 3 8663 6168 E matthew.green@au.gt.com John Picot Principal Technology Advisory & Solutions T +61 2 8297 2426 E john.picot@au.gt.com www.grantthornton.com.au Grant Thornton Australia Limited ABN 41 127 556 389 ACN 127 556 389 Grant Thornton refers to the brand under which the Grant Thornton member firms provide assurance, tax and advisory services to their clients and/or refers to one or more member firms, as the context requires. Grant Thornton Australia Ltd is a member firm of Grant Thornton International Ltd (GTIL). GTIL and the member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate one another and are not liable for one another s acts or omissions. In the Australian context only, the use of the term Grant Thornton may refer to Grant Thornton Australia Limited ABN 41 127 556 389 and its Australian subsidiaries and related entities. GTIL is not an Australian related entity to Grant Thornton Australia Limited. Liability limited by a scheme approved under Professional Standards Legislation. Liability is limited in those States where a current scheme applies. EPI.147.16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback