Three investments a security program should make to mitigate risk

Business Insider has partnered with Palo Alto Networks to bring you excerpts from Navigating the Digital Age, the definitive cybersecurity guide for directors and officers.

Organisations all over the world rely on Palo Alto Networks to detect and prevent advanced cyberattacks while safely enabling applications. To protect your organisation, visit


There is no doubt cybersecurity provides longevity to a business and can help differentiate it from its competitors — for both good and not-so-good reasons. The Australian government took important steps to help raise Australia’s cyber resilience with the release of its Cyber Security Strategy in April 2016.

Australia recognises that strong cybersecurity is fundamental to the growth and prosperity of all organisations in the public and private sector, to make the country’s online systems and networks more resilient, and to provide trust and confidence to citizens, businesses and customers alike.

Toward that end, instead of chasing after a silver-bullet security product, organisations in Australia should target investment in three areas to reduce cybersecurity risk:

1. Strong cyber defence

Companies should practice good cyber hygiene to protect and maintain their systems and devices appropriately, ensuring they are up to date. By taking an inventory of your environment and applications, you can ferret out gaps or deficiencies and note where you lack visibility in your network. Some problems are easily fixed, such as rolling out current patches for operating systems.

Organisations should conduct regular health checks around where and how their data is secured, what applications are in use in their network, who the users are, and what they have access to — as well as the threats traversing the network — to reduce the organisation’s overall risk exposure.

2. A well-trained workforce

According to the 2014 IBM Chief Information Security Officer Assessment, human-related errors lead to nearly 95% of all security issues. Companies should therefore educate employees on how to identify and protect their organisations from threats such as phishing, in which hackers pretend to be a legitimate entity in an email.

Cybercriminals may search online for an employee’s interests and hobbies to craft an attack, in the hopes of luring the worker into opening an infected attachment. Organisations should look to move beyond a compliance check for this training and see how they can invoke change to better defend themselves. Businesses should encourage users to protect their data and their systems at home, as this will naturally flow into the workplace.

3. Integrated platform

Organisations should seek out technology that acts seamlessly behind the scenes, on a platform smart enough to take actions on your behalf, with a minimum of manual effort by your security professionals. The only way to deal with adversaries using automated tools is to automate your defences as well.

The elements of your security should be part of an ecosystem — a community of interacting devices, networks, hardware and software vendors, consultants, academics, people, and organisations — sharing threat information constantly and in real time. For example, if malware has been communicating with 10 websites a certain way, and the traffic indicates a threat, your site should learn to ward it off.

Organisations that share threat intelligence among their peers can thwart nearly four out of every 10 hacks. These three elements can also make security efforts more efficient.

You may have seen reports of shortages of cybersecurity talent, with millions of jobs unfilled worldwide. One way we can start to alleviate this shortfall may in fact be through realignment.

If organisations establish basic cyber hygiene, and if the people, processes, and technology all work together, then companies can make better use of the resources they already have.

As Sean Duca, the Vice President and Regional Chief Security Officer of Palo Alto Networks, surmises, “If you leave your proverbial keys in the front door, attackers will come straight in, requiring manual response activity that is costly in both time and money. By changing your approach to cybersecurity to emphasise preventing as many attacks as possible, your team can focus on protecting your core business value.”

To continue learning what you and your organisation can do to detect and prevent advanced cyberattacks, download Palo Alto Networks’ definitive cybersecurity guide for directors and officers, Navigating the Digital Age.
