The frequency and scale of cyberattacks are growing daily. Recent attacks on Optus and Medibank are prime examples, in which the personal details of millions of customers were stolen and exposed. This included things like names, dates of birth, drivers’ licenses, and even passport numbers.[i]
This ever-growing risk of attack has reinforced the need for cybersecurity to be a critical area of focus for businesses of all sizes. According to PwC Australia’s 25th CEO survey, cybersecurity concerns now rate higher than Covid-19 impacts, economic volatility, and climate change.[ii]
Having robust security processes in place has also now gone beyond being a ‘check box’ requirement to become a factor that determines a business’ overall strategic direction and propensity for success. AICD has recently released a set of Cyber Security Governance Principles which encourage businesses to work with security experts and the government to align against threats. According to Hon Clare O’Neil MP, Minister for Cyber Security, “Directors have a critical role to play and must seek to lift their own cyber literacy levels, recognising that this is a key risk that can never be eliminated but can be effectively managed.” [iii]
I have written previously about how a solid, strategic security approach involves three key elements: people, processes, and technology.
In this blog, I want to focus on the process component, which is vital in establishing the secure foundation that modern businesses need. When I refer to ‘process’, I’m not just talking about the steps an organisation takes if a breach occurs (although this is a crucial part of it). I’m referring to a full range of processes that span security – from those that ensure effective governance and compliance, right through to those which determine your ongoing monitoring and incident response.
Here at Brennan, when looking at an organisation’s security, we typically focus on three key areas:
- Governance, risk, and compliance
- Mitigation and management
- Monitoring and response
Here’s a quick overview of best practices in each area: