Ready for action: the vital importance of proven security processes

Daniel Hayes, Head of Cybersecurity

The frequency and scale of cyberattacks are growing daily. Recent attacks on Optus and Medibank are prime examples, in which the personal details of millions of customers were stolen and exposed. This included things like names, dates of birth, drivers’ licenses, and even passport numbers.[i]

This ever-growing risk of attack has reinforced the need for cybersecurity to be a critical area of focus for businesses of all sizes. According to PwC Australia’s 25th CEO survey, cybersecurity concerns now rate higher than Covid-19 impacts, economic volatility, and climate change.[ii]

Having robust security processes in place has also now gone beyond being a ‘check box’ requirement, to a factor that determines a business’ overall strategic direction and propensity for success. AICD has recently released a set of Cyber Security Governance Principles which encourage businesses to work with security experts and the government, to align against threats. According to Hon Clare O’Neil MP, Minister for Cyber Security, “Directors have a critical role to play and must seek to lift their own cyber literacy levels, recognising that this is a key risk that can never be eliminated but can be effectively managed.” [iii]

I have written previously about how a solid, strategic security approach involves three key elements: people, processes, and technology.

In this blog, I want to focus on the process component, which is vital in establishing the secure foundation that modern businesses need. When I refer to ‘process’, I’m not just talking about the steps an organisation takes if a breach occurs (although this is a crucial part of it). I’m referring to a full range of processes that span security – from those that ensure effective governance and compliance, right through to those which determine your ongoing monitoring and incident response.

Here at Brennan, when looking at an organisation’s security, we typically focus on three key areas:

  • Governance, risk, and compliance
  • Mitigation and management
  • Monitoring and response

Here’s a quick overview of best practices in each area:

Governance, risk and compliance

As the volume and type of data that organisations capture, store, and use has increased dramatically, so too have the regulations surrounding it. Organisations need to meet an ever-growing and increasingly stringent set of criteria and show commitment to meeting government recommendations like the ACSC’s Essential Eight.

A security expert can help by examining your organisation’s level of compliance and risk exposure, in accordance with the latest requirements. This includes:

  • International Organisation for Standardisation (ISO) 27001/27002 standards
  • The Australian Cyber Security Centre (ACSC)’s Essential Eight
  • National Institute of Standards and Technology – Cybersecurity Framework (NIST CSF)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • APRA Standard CPS 234
  • Defence Industry Security Program (DISP)
  • Information Security Manual (ISM)

We can then work with you – step by step – to ensure you have the right processes in place to meet each of these requirements and recommendations, and that you will continue to do so in the future. Also, as regulations change frequently, it’s important to have processes in place to ensure you’re always up to date and your level of compliance doesn’t lapse.

Mitigation and management

There are now all kinds of intelligent, automated, technology-led ways to mitigate and manage the security risks to your organisation.

Our team can work with you to help you select the right technology, support and tools to help you:

  • Maximise end-user security to reduce the risk of employees either intentionally or unintentionally exposing you to security risks.
  • Implement and manage your endpoint security, to minimise the likelihood of attackers entering your organisation.
  • Consolidate and secure individual applications and ensure protection at the device level.
  • Provide security protection across your network and edge where a growing volume of data is now collected.
  • Implement ongoing patches and tests to ensure your security remains robust well into the future.

Monitoring and response

Security threats change constantly and staying on top of your security requires ongoing proactive management and monitoring.

Areas you should be focusing on include:

  • Detect, contain and remediate your security processes.
  • Provide 24/7 monitoring of your overall environment.
  • Implement robust incident response processes in the event of an unplanned security breach.
  • Develop response plans that are fully customised to your operation.
  • Ensure you are fully prepared for a breach and its implications.

What happens if a breach does occur?

While we take all steps to minimise the risk of a security breach, it’s also vital that organisations have processes in place should a breach occur.

This may involve:

  • Creating playbooks that outline the steps to mitigate the impact of a threat and ensure its rapid resolution. Having these also helps outline who needs to take what action, eliminating uncertainty and allowing you to respond quickly.
  • Implementing RACI matrices that clearly define the roles and responsibilities of each person or team, giving direction and allowing the process to run smoothly.
  • Developing an Incident Response Plan that covers both the security aspect (a Cybersecurity Incident Response Plan) and the operational aspect (a Business Continuity Plan and a Disaster Recovery Plan).

A great advantage of working with an experienced cybersecurity partner such as Brennan is that we can work with you to optimise your processes at every step. Our six-step methodology ensures we start with a full understanding of your security requirements and then deliver and optimise your processes well into the future.

If you would like to get started, get in touch to request an initial security discovery session.
