‘Make Safety Seen’ through cyber resilience
Amila Elcic, Managing Consultant, Sekuro, tells Women Love Tech we need to ‘make safety seen’ through Cyber Resilience. Here Amila explains how.
If there’s one thing we learned from the high-profile cyber-security breaches in the past 12 months, it’s that cyber criminals do not discriminate. The threats are ever-present and span different businesses and industries, regardless of size or location. No organisation is ever fully safe or exempt from the risks.
Cyber criminals have been wreaking havoc in Australia, resulting in millions of customers’ personal information being uploaded to the dark web. The fallout for these organisations has been palpable, not only from a financial standpoint but also from an organisational reputation standpoint. As a result, it has elevated cyber security to the highest priority for many organisations across the country and heightened the expectations of customers and consumers alike as they become increasingly concerned about security and privacy practices. These two factors combined have put enormous pressure on security experts, consultants and engineers to ensure their organisations do not fall victim to the next cyber attack. Business executives and political leaders are increasingly looking to engineers for support and solutions to the ever-evolving cyber threat landscape, but this myopic and restrictive mindset will only lead to a never-ending cycle of replacing existing problems with new ones rather than looking at the bigger picture.
Rather than striving to become bulletproof to cyber attacks, which is impossible to achieve, organisations should focus on building cyber resilience through preventative measures. In fact, the latest Australian Cyber Security Centre (ACSC) report reinforces the importance of making cyber resilience a priority across industry, small business, and government and reminds companies that “boards should consider cyber resilience as part of their statutory responsibilities.”
Building cyber resilience starts with shifting mindsets around the importance of cyber security. By strengthening its resilience muscle, an organisation not only becomes better prepared for the worst-case scenario but is also in a stronger position to balance proactive, preventative measures with incident response solutions for when things go pear-shaped, so that the business remains resilient in the face of any attack.
Taking a holistic and preventative approach to cyber resilience means third-party vendor risk assessments need to become a staple in every organisation, across every industry. It’s part of the Zero Trust policy whereby no person, vendor, device, object, or connection should be trusted until it is proven that it can be. History has shown time and time again that an increasing number of data breaches and hacks are often at the hands of, or somehow involve, a third party due to weaknesses in the supply chain and vendors.
With the growing plethora of ‘as a Service’ (aaS) offerings, many organisations mistakenly trust third parties to safeguard their information. More often than not, they don’t realise that every technology vendor they work with has the capability to access their corporate data. Third-party vendor assessments need to be carried out as part of regular and consistent cyber security health checks across an organisation, to help identify the cyber threats and risks associated with each third party at every stage – before, after and throughout the time they engage with the vendors.
On their journey to building cyber resilience, procurement teams, security experts and engineers need to be hyper-aware of their current security strengths and weaknesses so they can keep pace with cybercriminals and be ready for any attacks that come their way.
While cybersecurity will always be an essential part of an organisation’s cyber security strategy, protection from sophisticated cyber attacks is never guaranteed. This is why cyber resilience is so important. Cyber resilience encompasses a wider umbrella covering business continuity, implementing critical business processes, identifying potential threat vectors, managing risks, minimising the severity of attacks and implementing procedures to withstand cybersecurity incidents. When done right, cyber resilience enables an organisation to remain operational in the face of ongoing threats.
Amila Elcic, Managing Consultant at Sekuro
Amila is an industry veteran and well-respected expert in the cyber security industry, bringing over 25 years of experience across a range of areas, and dozens of certifications, including the ISO27001 Lead auditor certificate. This year, Amila was the winner of ARN’s Women in ICT Award in the ‘Technical’ category.
This year’s theme for International Women in Engineering Day on June 23 was ‘Make Safety Seen’, which is self-explanatory in certain industries where physical dangers are obvious and modern engineering can be used to make physical tools that keep professionals and individuals safe. In the cyber sector, however, safety and security threats are often seemingly invisible, despite the outcomes of an attack being multifaceted and severe.