MOST BUSINESSES STILL HAVE LITTLE OR NO CYBERSECURITY PLAN

01-08-2019

Businesses in Australia and New Zealand are innovating rapidly by evolving their organisational models to remain competitive – moving to the cloud, offering multiple touchpoints for employees and customers, and building new applications to connect and engage with customers. At the heart of this evolution is the proliferation of sensitive data that is created, collected and shared. At the same time, cybercriminals are looking at all this data as a gold mine to be monetised. So how can businesses adapt to these changes safely?

To find out, electrical systems and services company Thales engaged technology research and advisory firm Ecosystm to conduct market research on the state of data security in the region. Responses were obtained from 150 senior managers across various industries and the public sector. The key findings were that 70 per cent of organisations in the Asia-Pacific region have little or no cybersecurity program, and 50 per cent focus on cybersecurity only after an incident or data breach.

Digital transformation, emerging technologies (such as the IOT and AI) and industry compliance were named as the top drivers for investments in cybersecurity, but is important for organisations to develop a robust risk management programme that goes beyond compliance. The major challenges with deploying cybersecurity solutions were concerns with integration with existing technologies, the complexity of security solutions and the lack of skilled IT staff.

The journey to protect sensitive data starts with data classification. However, many organisations fail to identify sensitive data beyond intellectual property and legal. While organisations have numerous ways to control access to sensitive data, less than half of those surveyed use multi-factor authentication.

A similar number are storing their sensitive data in the public cloud, driven by the less mature organisations leveraging the public cloud for operational cost and growth elasticity benefits. Just over half say that their public cloud provider has sufficient security to protect their data, while 29 per cent say that their organisation has to complement their provider’s security measures. But over two thirds of the organisations that encrypt their data in the cloud have their encryption keys held by their cloud provider, which is a risky approach.

“Whoever holds the encryption keys owns the data,” the report stresses. “If a breach occurs but data was encrypted and keys were protected, a cyber attacker would be unable to decrypt the data and access the actual information.”

The report concludes with recommendations for addressing data protection, including identifying where sensitive data is stored, who has access to it, how many different data types need to be secured, and how it is transmitted; minimising the number of data repositories where possible; safeguarding encryption and key management; and controlling access.

RELATED NEWS

  1. Clean technology innovator 5B has received $14 million in funding from Australian Renewable Energy Agency (ARENA) to accelerate the automation of its innovative utility scale solar array, 5B Maverick. The funding contributes to a $33.4 million project that will result in a high volume, scalable and...
  2. AUSJET/ADVCA has indicated support for Prime Minister Scott Morrison and the National Cabinet for the decision to change close contact rules and isolation exemptions for the energy resources, water and waste management sectors.
    AUSJET/ADCVA chair Peter Jones said the past two years of COVID-19 have...
  3.  
    Planview, a global leader in Portfolio Management and Work Management solutions, has partnered with Standard Chartered, a leading international banking group.
    Standard Chartered has selected Planview as the organisation’s enterprise-wide solution to manage the Bank’s portfolio of technology...