Why cyber security will become “everyone’s business” in 2016
- 19 January, 2016 06:19
The impact of cyber security on New Zealand businesses will continue to rise in the year ahead, as the digital revolution opens the door to added vulnerabilities.
That’s the view of Scott Bartlett, CEO, Kordia New Zealand, who believes 2016 will be the year that cyber security becomes “everyone’s business” across the country.
“Organisations participating in the digital market cannot operate without a sound information security policy, and more than ever, security is becoming everyone’s business,” Bartlett says.
“From the boardroom to reception, an appropriate security culture has to pervade all aspects of an organisation if it is to be effective.”
Kordia - who purchased Aura Information Security for $10 million in November 2015 - believes that unless Kiwis are effectively “living under a rock”, it’s clear cyber security is fast becoming a “rapidly changing environment”.
Looking ahead to 2016, Bartlett predicts that…
Cyber security will move into the boardroom (and everywhere else)
“It’s been moving up the corporate agenda for some time and in 2016, more than ever, cyber security will be recognised as a boardroom issue,” Bartlett says.
“In a lot of ways, cyber security is like health and safety - it needs to form a key component of the company’s risk management system, and Directors need to undertake their due diligence, get proper advice and demonstrate that they are taking action.
“Shareholders will expect nothing less.”
Attackers will get more and more sophisticated
“It’s easy to get caught up in the cloak and dagger intrigue of cyber security as a vast and intricate problem, but the reality is that attackers are developing methods and tools faster than most organisations are evolving their protection,” Bartlett adds.
“That said, basic attacks like dropping a USB stick with malicious code on it in the hope that an unsuspecting person will plug it in, remain all too prevalent.”
Many organisations will fail to focus on the basics
“The fact that most attacks still come in via the most obvious security holes is precisely because these gaps exist in the first place,” Bartlett says.
“There are many companies in New Zealand and around the world for which security is an afterthought at best or no concern at all at worst.
“That’s reflected in the findings of a 2015 TrustWave report which analysed thousands of applications and reviewed data from over four million network vulnerability scans.
“The report showed that 98 percent of applications tested had at least one serious vulnerability, and 28 percent of breaches were due to weak passwords (this figure goes up to 94 percent for Point Of Sales breaches).”
Skills will remain in demand
“Ethical hackers, security executives and consultants are and will remain in short supply,” Bartlett says.
“But skills, like threats are international - and suitably qualified and experienced personnel come at a high cost.”
Managed Services will provide most of the answers
“Many organisations are realising that 24/7 coverage of the network environment is needed to assure the security of operations - but that it can’t be delivered internally,” Bartlett says.
“Hiring full time, dedicated security professionals is costly; it is also unlikely that said professionals will have enough to do to keep busy.
“For cost and efficiency purposes, Managed Security Services will present the most viable answer, with consulting-led engagements helping Kiwi companies to understand their risk frameworks and establish a security posture appropriate to their specific organisation.”
People and culture will remain the weakest link
“Even the most secure systems can be compromised with social engineering,” Bartlett says.
“While technology is remarkable, particularly when secured, people remain human and can unwittingly throw it open to attackers.
“Social engineering attacks such as phishing and spear phishing attempts arriving by email are increasingly devious and can easily trick people into letting down their guard.
“Good security has to be inclusive, and it has to be in tune with culture; cyber security should start in the boardroom and the executive suite and extend to everyone in the business.”
As security is increasingly recognised as an essential component of doing business, Bartlett believes that Kiwi companies will need to seek more "advanced and complete" services from the market.