Five Ways Enterprises Can Build Cyber Resilience With a Safety-first Approach
Posted: Tuesday, May 21


Ransomware, phishing, hackers, data loss – the list of cyber threats to enterprises goes on. Threats to cybersecurity have reached ground zero, with social engineering, system intrusion and basic web application attacks representing 93 percent of data breaches across the Asia Pacific, according to Verizon’s 2023 Data Breach Investigations Report (DBIR).

As Australian national leaders continue to look for ways to shore up cyber defences, businesses are looking more closely at how they can strengthen their cybersecurity resilience. However, a recent global Accenture survey has found Australian businesses are among the least equipped to deploy technology and talent to drive change.

Digital resilience is critical to protect operations, reputation, customers, and business transformations. It requires being able to look the threats straight in the eye, understand them deeply, and deal with them effectively.

While it is impossible to predict exactly when, how, and where the next threat will come from, it is possible to deal with threats proactively and adaptively by building resilience with a safety-first approach to cybersecurity – here are five ways enterprises can do so.

Implement a Zero-trust Architecture

Zero Trust is a concept that is not limited to a single product – it is about being able to authenticate a user’s identity in real-time using adaptive inputs from multiple platforms across identity, device, network, application, and data.

A zero trust architecture can mitigate ID theft and social engineering attacks, strengthen overall enterprise security, and ultimately improve the user experience.

Include Layered Defences to Protect Against Ransomware

A ‘defense-in-depth’ approach should include layered defense measures in relation to technology, processes, and employees to minimise the threat to the business.

Technologies such as email protection, endpoint protection and backup and recovery solutions are part of the defense tactics, which also include process-oriented elements such as playbooks, threat intelligence, and incident response exercises. Defences that incorporate the people layer include training employees in cyber skills and increased awareness of the threats.

Scale Automated Security Throughout the Cloud Lifecycle

Cloud apps are now a way of life, but are often neglected in security architectures and maintenance. For cloud services, any new individual or business accounts should be provisioned with security controls as part of the default settings. There are also post-implementation technologies that specifically support event-driven compliance checks.

Integrate AI Governance and Cybersecurity Strategy

Integrating cybersecurity expertise within an organisation’s AI governance council can help inform models around value realisation, risk, and prioritisation, and set up necessary guardrails for approved applications.

Embed Safety Into Decision-making

True cyber resilience is achieved by integrating (rather than adding) cyber security strategies into the processes and decision-making unique to each business.

Uplifting security and digital resilience is mostly about focusing on doing the basics well, rather than trying to predict when, how, and from where the next cyber threat will emerge. By taking a pragmatic approach incorporating these five focus areas, it is possible to build resilience quickly and effectively.

Aaron Sharp
Aaron Sharp is a senior member of the Verizon Cyber Security practice based in Sydney. Aaron specialises in delivering cutting-edge security solutions to Verizon’s enterprise and Government clients. A Verizon veteran of 15 years, Aaron brings a depth of experience spanning risk management, architecture and design, deployment and service design. Aaron is focused on enabling clients using a quantitative, risk-based approach to solution design. Aaron brings more than 20 years of experience in IT solutions and security expertise. He has also held various roles with IBM and Cybertrust.