With cybercrime now the leading hazard of 21st century businesses, Australian security managers and executives need to think differently about data security and how to deal with the threat of cyber-attacks, top experts have cautioned.
Speaking ahead of his session at the ASIAL Conference in Melbourne on Thursday July 16, Senetas Chief Technology Officer Julian Fay said that companies also needed to learn to integrate security with business functions at an earlier stage:
“Traditionally the business imperative has overridden the security imperative, but this needs to change,” Fay said.
“Security should be the first thing operations teams consider when making key business decisions. It should never be a bolt-on solution.
“We need to see a generational shift in our thinking and ensure that training and education is actually focused on integrating security from the outset.”
Fay said that over time the security industry had become too used to thinking of security as “physical”, when it’s now “virtual and mobile”.
“Old tools are no longer useable in today’s world,” Fay said.
While the internet is providing organisations with the opportunity to operate more efficiently, it also comes with risks. Fay holds concerns over the security industry’s agility in this area, particularly in relation to Cloud Computing.
“Five years ago we were talking about the Cloud as a possibility. It’s now a huge reality for the security industry and so our greatest challenge is to keep up with the speed of Cloud developments and technology advancements like it. While cyber-criminals have advanced their techniques dramatically in a few short years, the IT and security industries have not been able to close the gap,” Fay said.
According to Fay, a data classification scheme, which has been used within the government sector for many years, is now essential for businesses as well. Because not all data is the same, or equally sensitive, Fay believes organisations should adopt data classifications to help determine where security investment should be focused most and what levels of control (i.e. ‘who can see what’) are necessary, so that the most sensitive data receives the highest protection.
“A key factor in failures to adequately protect the most sensitive data is the perception that all data requires a maximum security investment. This becomes an overwhelming cost issue for most organisations that then use their resources unwisely,” Fay added.
“There must be an awareness of cybersecurity risks and issues at all levels of the business – from the security management team to all management and their end users,” Fay said.
“The human element in cybersecurity is vital. I don’t believe this is emphasised enough.”
Canadian-based Genetec Vice President of Cloud Services Christian Morin has echoed Fay’s comments regarding the need for proper training and processes, which requires different thinking:
“I think there are a lot of people who don’t take the time to adequately address cyber-security issues,” Morin said.
“Information security should be treated very differently to physical security. It’s highly technological in nature and you need people that are fundamentally trained in this area. You also need to dedicate time and resources.”
Like Fay, Morin believes that one of the greatest threats to companies in this digital age is the false sense of security they have when they think that, because they can ‘see’ their device, it is safe.
“Sometimes people think that because they have an extremely secure facility in a physical sense – that is, you can see your server behind locked doors and there are a gazillion layers of access control – that your assets are logically and virtually safe,” Morin said.
“Too often, people possess the ‘it won’t happen to me’ mentality. Therefore people will only start taking it seriously and being active in cybersecurity after something has gone wrong.”
Morin noted that in the US in particular it had been positive to see some companies take heed after the highly publicised Sony Pictures breach last year, when cyber-attackers hacked into the entertainment company’s system and subsequently leaked private documents.
But Morin has also warned of another potentially crippling trend – businesses often don’t know when assets have been compromised, highlighting the invisible nature of cyber-crime.
Morin said that businesses needed to monitor frequently for cyber-security breaches:
“Cyber-attackers are even more up-to-date than you are, and they always find ways to circumvent whatever security you have in place,” Morin said.
“Just because you have a firewall or an anti-virus program, it doesn’t mean that you’re safe. This is a very rapidly evolving landscape and companies have to dedicate full-time resources and staff.”
About the experts:
Christian Morin is the Vice President, Cloud Services at Genetec, Inc., and is responsible for all of the Cloud Services offerings at Genetec. In addition, he also manages the company’s relationship with Microsoft and the cloud offerings built on the Microsoft Azure platform. Since joining Genetec in 2002, Christian has effectively managed the Operations, Customer Service, Sales Engineering, Technical Support, Professional Services, and IT Teams to support the company’s worldwide growth.
Genetec’s Director of Product Management Francis Lachance will be speaking at this year’s Security Seminar Series on “The future of security is in The Cloud”. Genetec will also be showcasing its latest solutions at the Security Exhibition as part of the Hills exhibit (stand I8).
Julian Fay is a co-founder of Senetas’s leading high-speed network data encryption hardware, now used by many of the world’s most secure organisations for nearly 20 years. Mr Fay will be speaking on Thursday July 16, which is day two of the ASIAL Conference. His topic is “From cyber-threat to cyberterrorism: essential practices in an insecure world”.
For more information on the 2015 Security Exhibition and Conference, July 15-17 in Melbourne, and bookings: http://securityexpo.com.au/