Cyber threats are nothing new. In fact, they’ve been around since digitisation first occurred. But these days, as organisations become increasingly reliant on technology, these threats are growing in complexity and having a greater impact on day-to-day business operations.
The issue with mitigating these risks is that cyber criminals are effectively shape-shifters, discovering and manipulating vulnerabilities before disappearing and popping up elsewhere with a new threat. Staying ahead of the game is progressively becoming more difficult, and it’s now more important than ever for organisations to lock down their security protocols, systems and processes to avoid potential consequences of unanticipated attacks.
Of course, not all risks can be entirely eliminated, but that doesn’t diminish the importance of continually identifying, assessing and managing risks as part of an ongoing process.
Cyber attacks are happening all around us, and they no longer fall into the category of IT risk, but rather something that should be considered a major business risk.
Consider the British Airways data breach in 2018. Following the incident, the airline stated that approximately 380,000 customers were affected, and that stolen data included personal and payment information. When customers were asked to come forward if they had been impacted by the breach, they were warned to be wary of phishers claiming to be from British Airways and looking to steal additional personal details.
In another case, Melbourne Heart Group fell victim to a data breach that was seemingly carried out for no reason other than to cause disruption. Patient records were switched, leaving medical professionals unable to access them for almost three weeks. Its servers were completely disabled, and data management systems were corrupted.
As you can see from these examples, cyber criminals aren’t always after money, or even personal gain. Some simply intend to upset the stability of systems, then sit back and watch the show as destruction unfolds.
We already know that awareness and understanding of cyber risk doesn’t always translate into action, and that even when organisations do have sound risk management processes in place, they don’t always test them regularly against new and emerging threats.
By not staying ahead of the game, companies leave themselves open to cyber breaches, which result, more often than not, in financial losses. Being offline means customers can’t make purchases. Equipment may become damaged and need replacing if generators go down. The company’s reputation may also suffer due to a lack of trust from customers following the breach.
A robust risk management process that allows an organisation to identify and mitigate risks is a good starting point, but without support from the wider business it’s unlikely to be successful in the long term. A good risk management strategy needs to establish communications and general awareness within a business as a whole, which in turn allows decisions about risks to be considered in the context of organisational objectives.
So, we need to take a business-first approach. This means establishing a culture of risk awareness and providing tools such as ongoing leadership training and information sharing. It also means ensuring that staff, leadership teams, and stakeholders can communicate clearly about potential risks and management strategies in a way that’s proactive and works to increase resilience across the entire organisation.
On the technology side of things, security products, services, and systems are constantly being developed and improved to combat cyber risks. It’s now more important than ever to lead with a security focus when designing and building network architecture, and to implement best practice industry standards across the board to stay ahead of threats.
But beyond architecture and industry standards, what other practical steps can be taken? Well, we can’t speak for everyone, but we can speak from our own experience.
At accesstel, we take a step-by-step, collaborative approach to security. First, we work closely with our customers to understand their pain points, accessibility requirements, physical assets, and existing policies and procedures. Then we design custom solutions to fit their needs. Knowing the right questions to ask, we can apply ongoing learning strategies to ensure our solutions are kept up to date and able to meet new threats as they emerge.
We’ve established and follow a methodology that focuses heavily on encryption as a foundation for security protocols. This means we’re able to protect both data in transit and data at rest from attackers who are finding increasingly innovative ways to compromise and steal sensitive data.
We then apply rules for centralised authentication and authorisation with strong password policies and implement multi-factor verification to restrict access in line with customer requirements. We provide permissions to restricted devices on an as-needed basis (essential for large enterprises), ensure software versions are kept up to date, and segregate physical assets with a layered approach. We track and audit historical data to predict future patterns and vulnerabilities, amongst other things.
By leveraging the knowledge and experience we gain from each and every customer project, particularly in a large enterprise, we’re able to ‘pay it forward’ to new customers, and ensure the products we’re developing aren’t only on par with industry standards, but seek to exceed them.