The implication for Australian company directors is they now appear more cyber-liable. Directors can no longer turn a blind eye or cite the complexity of the landscape as an excuse. Directors must set up proper standards of cyber security to be implemented by management, with clear evidence of stepping stones in maturing cyber security.
But where do you start?
Here are ten types of cyber technology, summarised from Harvard’s Managing Risk in the Information Age. The priority of the technology to an organisation will be based on their circumstances; however, technologies should overlap, improving the security posture and leaving “no cracks”.
Intrusion detection (IDS) and prevention systems (IDPS) - IDS is implemented to passively monitor network traffic and running processes to identify potential threats. IDPS stops potential threats and requires deep technical expertise for configuration and adjustments. IDS provides a log for review and requires less technical expertise.
System and application logs - Mission-critical systems and data, have logs recording all actions and alerts to be generated for unusual activity.
Security information and event management products - For selected logs of mission-critical applications, SIEMs are in place to analyse events and issue alerts.
Antivirus software - Implemented to detect malware and potentially prevent system infection. Alerts will be monitored.
File integrity software - To monitor changes to computer files, comparing checksums with previous checksums to verify data integrity.
Anti-spam software - Will detect spam messages and stop them from being delivered to mailboxes. This will reduce content that could lead to an attack.
Firewalls - To block illegal attempts of network connections. Their logs will be consciously correlated to other alerts generated by other devices.
Network analysers - Monitoring the network for any unusual traffic that could be a possible indication of a cyber-attack.
Availability monitoring - Monitoring user experience in accessing servers and applications. This technology is one of the first indications that a cyber-attack may be occurring.
Vulnerability scanners - Will be deployed across systems to detect vulnerabilities; these will be used extensively for non-mission critical systems where no system and applications logs are implemented.
What if you don’t know the answers to the above … nor their investment profile?
Begin with an inventory of the existing technology.
Consider a temporary or part-time Chief Information Security Officer to connect the IT team and the executive. Who, internally or externally, could fulfil this role? They can help prioritise what technology will mitigate your organisation’s most significant vulnerabilities.
Here is a copy of a keynote I have delivered on Cybersecurity.