Adopting a risk-based approach to cybersecurity

By April, 2016 April 15th, 2016 Exclusives, ICT

CeBIT Australia 2016 urges that governments and businesses combat cyber attacks with a risk-based approach to cybersecurity.

It’s becoming more and more apparent that both business and government are getting serious about data security and protection as cyber attacks and information leaks become more common.

PricewaterhouseCoopers (PwC) recently released the 2016 Global State of Information Security Survey, and one of the key takeaways shows that an astonishing 91 per cent of organisations have adopted a risk-based framework or frameworks. But what exactly are these frameworks and are they appropriate for government as well as business?

This post looks at embracing a risk-based cybersecurity framework in government to help ensure your agency can:

  • Keeps its data more secure
  • Enable better internal and external communication
  • Identify threats quickly
  • Expose potential security gaps
  • Develop security standards

Is compliance enough?

Across the globe there are many industry standards that have been developed to protect organisations from the threat of an attack. However, simply going through the motions of compliance and ticking boxes may not be the best way to ensure your department’s information is safe.

The reason for this is that compliance may not cover all the risks associated to a government department, especially when there is sensitive information on citizens or national security at risk.

Rather than focusing purely on compliance, government departments need to understand the difficult details of what kind of impact a data breach could have on the organisation and any stakeholders involved. Having a risk-based approach will allow your department to better prepare itself in the long run.

Where to start when it comes to a risk-based approach?

A good place to start would be to familiarise yourself with international standards such as the US National Institute of Standards and Technology (NIST) Cybersecurity Framework, SANS Critical Controls and ISO 27001.

Data breaches are indiscriminate, and getting to know the risks and approaches to mitigating these risks should be the first step in your framework.

The Information Security Manual released last year refers to this as having a strong security posture. It’s essential that potential intrusions are detected and responded to, rather than just trying to secure your organisation from specific attack threats as they may occur. The quicker and more effectively you can deal with an incident, the better the position you will be in when it comes to data loss or a security breach, and that is the essence of developing a risk-based approach to cybersecurity.

Collaboration is more powerful than ever

Two minds are more powerful than one — and this especially rings true in IT security. 65 per cent of the survey respondents said they collaborated with similar business and partners to improve cybersecurity and reduce cyber-risks by sharing data. These collaborative efforts are up by 15 per cent from 2013.

Organisations who collaborated said data information from industry peers was more actionable and improved threat awareness. Those organisations not collaborating said it was because of system-misalignment or updates being unable to be communicated at network speed.

This may prove especially handy for government, as recently, Turnbull announced his investment into the digital marketplace to ensure more start-ups and SME have access to government tenders.

Final thoughts

Technology alone cannot secure your department from the risk of a devastating data leak, however, implementing the right risk assessment policy and standards will definitely aid to protect your organisations data.

Further, taking a collaborative approach to cybersecurity in which intelligence is shared between external partners in the public and private sector will help yield greater knowledge on threats and the appropriate response techniques.

If you want to learn more about mitigating cybersecurity risks, register your pass for Cyber Security conference powered by CeBIT Australia today. CeBIT Australia will be taking place on the 2-4 May at Sydney Olympic Park, get your free visitor pass here.

More on CeBIT
The argument for getting government to embrace writing in plain English isn’t new, but why is it so hard and is it really ‘dumbing down’?

DTA on writing for everyone

| Education, ICT | No Comments
The argument for getting government to embrace plain English isn’t new, but why is it so hard and is it really ‘dumbing down’?

Kaspersky wave hits Switzerland, then Aussie shores

| ICT | No Comments
First Zurich, then Sydney.
Your Facebook doesn't need to match your birth certificate or your resume. Forget the rules and alter it to protect yourself.

Stop using your real name on Facebook

| Analysis, ICT | 2 Comments
Seriously.
Australia's frontline reporting vanguard Crime Stoppers has formed a partnership with Kaspersky Lab to boost its knowledge on reported cyberattacks.

Crime Stoppers strengthens cybersecurity know-how

| ICT | No Comments
Partnership with Kaspersky Lab to ensure better response to reported cyberattacks.
GovNews Newsletter

Stay informed with GovNews...

Gain valuable insights into the latest news, 5 Minutes With, up-coming events and government concepts and initiatives exclusive to eNews.

Only use your corporate email address to sign up. Personal emails (e.g. gmail, yahoo, hotmail, live etc…) will be removed.

You will need to confirm your subscription. Check your junk folder if you have not received a confirmation.