AUGUST 2023 - IN MY VIEW

IT SECURITY FOR MEDIUM-SIZED BUSINESSES AND ENTERPRISES IN AUSTRALIA

BY VLAD VYSHNIVETSKYY, HEAD OF CYBER SECURITY, PICA GROUP

Information Security (InfoSec, Cyber or IT Security) is a critical component of any business. Confidentiality, Integrity and Availability of IT assets are paramount in the modern digital and technology-centric world.

In Australia, medium-sized businesses and enterprises (20-400 employees) face the same typical IT security threats as larger corporations, the big end of town. This article will look at the various aspects of IT security for such businesses. So let's start with...

Challenges

Despite being medium-sized, these businesses still mostly lack dedicated IT staff or have limited IT and IT Security resources. Coupled with a limited budget, this reflects the fact that lean businesses focus primarily on the business aspects they need to survive in their competitive areas. Accordingly, IT and IT Security functions usually get less recognition and support from senior management than the main business does, which results in the corresponding IT Security risks and threats being downplayed.

Slowly, business leaders are starting to realise how heavily their operations depend on IT and how severe the outcomes of IT Security risks can be. Therefore, let's look at the common...

Threats

Despite the challenges, the threat landscape for medium-sized businesses and enterprises in Australia remains the same as for large corporations: no discounts for size or for smaller budgets and resources.

Daily business threats consist of malicious emails and phishing attacks, signalling the need for staff security awareness and the practice of cyber security hygiene. Ransomware attacks are also very common, alongside threats of data breaches. Accidental or intentional insider threats are likewise present in everyday routines. IT infrastructure operations, whether on-premises or in a cloud, deal with threats of misconfigurations, unpatched or outdated software, third parties and the IT supply chain, zero-day vulnerabilities, and legacy systems.

Limited IT Security staff often struggle to maintain up-to-date policies, procedures and working documentation. The ease with which regular business users can access Software-as-a-Service resources (shadow IT), the wide adoption of remote access and staff working from anywhere: these threats from modern business practices are not new, but they are more and more present. So how to face these threats? The answer is in...

Remediations

Remediation controls to counter the threats relate to either technology, process, or people. They can be further classified by criticality: essential, recommended, or advanced controls (in order of criticality).

Essential controls

Essential technology controls could start with the Australian Cyber Security Centre's Essential Eight strategies (which could benefit any business worldwide), even at Maturity Level Zero. These include application