Tuesday, 10 November 2020 00:02

Map security activity onto business processes: Tenable

0
Shares
By
Tenable ANZ country manager Scott McKinnel

Australian CISOs are not well placed to communicate cyber risks to their business leaders, according to a new survey.

As part of an international study, 105 business and cybersecurity leaders in Australia were surveyed by Forrester Consulting on behalf of security vendor Tenable.

Among the security leaders, 70% are only somewhat confident, at best, in their ability to report on their level of security or risk when asked.

So it's probably unsurprising that 67% of the business leaders are at best only somewhat effective in communicating threats that pose the greatest risk to the organisation.

"Cyber[security] is still perceived as the domain of the IT department," Tenable ANZ country manager Scott McKinnel told iTWire.

CISOs are typically former technology practitioners, but they need to take a business perspective so they can determine how cyber activity is impacting the organisation's risk posture, he suggested.

More-sophisticated organisations have risk committees that oversee cybersecurity along with other issues, but that isn't the norm, McKinnel said.

Forthcoming legislation will probably provide "a very clear indication" of the minimum security requirements for significant organisations, he predicted, but the Essential Eight already provide a security baseline.

"Basic system hygiene removes a lot of the risk," he observed.

From there, CISOs need to understand their organisations' assets (including those operated by third parties) and where the vulnerabilities are. That provides a context that can be used to determine priorities and KPIs.

"All the tools are available" (from vendors including Tenable) to suit organisations of different sizes, he said. What's needed is a willingness to take action.

Assets can be mapped onto business processes, and automation – including AI – can be applied to help identify the most important components so they can be prioritised.

Any proposal to increase spending is likely to be challenged – especially in the current environment – so CISOs need to show that systems aren't at the desired level of risk, and the potential business impact of an adverse outcome.

This information needs to be presented very simply to business leaders, along the lines of "This is what can happen. Are you prepared to take that risk? If not, we need to take this action."

The survey also found that 92% of Australian organisations experienced a business-impacting cyberattack in the past 12 months.

73% of these attacks involved operational technology (OT) assets. 45% were some form of fraud, 44% were COVID-19 related phishing incidents, and 43% were data breaches.

Ransomware played a part in 39% of incidents, and software vulnerabilities in 36%.

These findings apply to a wide range of organisations in terms of size, geography and industry, said McKinnel.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Latest from Stephen Withers

Related items

More in this category: « Indian COVID vaccine research firms hit by Windows ransomware
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top