Ransomware, phishing, hackers, data loss – the list of cyber threats to enterprises goes on. Threats to cybersecurity have reached ground zero, with social engineering, system intrusion and basic web application attacks representing 93 percent of data breaches across the Asia Pacific, according to Verizon’s 2023 Data Breach Investigations Report (DBIR).
As Australian national leaders continue to look for ways to shore up cyber defences, businesses are looking more closely at how they can strengthen their cybersecurity resilience. However, a recent global Accenture survey has found Australian businesses are among the least equipped to deploy technology and talent to drive change.
Digital resilience is critical to protect operations, reputation, customers, and business transformations. It requires being able to look the threats straight in the eye, understand them deeply, and deal with them effectively.
While it is impossible to predict exactly when, how, and where the next threat will come from, it is possible to deal with threats proactively and adaptively by building resilience with a safety-first approach to cybersecurity – here are five ways enterprises can do so.
Implement a Zero-trust Architecture
Zero Trust is a concept that is not limited to a single product – it is about being able to authenticate a user’s identity in real-time using adaptive inputs from multiple platforms across identity, device, network, application, and data.
A zero trust architecture can mitigate ID theft and social engineering attacks, strengthen overall enterprise security, and ultimately improve the user experience.
Include Layered Defences to Protect Against Ransomware
A ‘defense-in-depth’ approach should include layered defense measures in relation to technology, processes, and employees to minimise the threat to the business.
Technologies such as email protection, endpoint protection and backup and recovery solutions are part of the defense tactics, which also include process-oriented elements such as playbooks, threat intelligence, and incident response exercises. Defences that incorporate the people layer include training employees in cyber skills and increased awareness of the threats.
Scale Automated Security Throughout the Cloud Lifecycle
Cloud apps are now a way of life, but are often neglected in security architectures and maintenance. For cloud services, any new individual or business accounts should be provisioned with security controls as part of the default settings. There are also post-implementation technologies that specifically support event-driven compliance checks.
Integrate AI Governance and Cybersecurity Strategy
Integrating cybersecurity expertise within an organisation’s AI governance council can help inform models around value realisation, risk, and prioritisation, and set up necessary guardrails for approved applications.
Embed Safety Into Decision-making
True cyber resilience is achieved by integrating (rather than adding) cyber security strategies into the processes and decision-making processes unique to each business.
Uplifting security and digital resilience are mostly about focusing on doping the basics well, rather than trying to predict when, how, and from where the next cyber threat will emerge. By taking a pragmatic approach incorporating these five focus areas, it is possible to build resilience quickly and effectively.
