As issues in healthcare, supply chains and geopolitics abound, DDLS Cybersecurity Lead Jeremy Daly shares why cybersecurity is everyone's responsibility - from information security professionals and policy makers to individuals and end users.
In April 2022, the Australian Cyber Security Centre (ACSC) issued an updated advisory urging organisations to prioritise mitigating threats posed by a range of malicious cyber actors. The recommended actions include:
Patching applications and devices, particularly internet-facing services.
Implementing mitigations against phishing and spear phishing attacks.
Ensuring that logging and detection systems are fully updated and functioning.
Reviewing incident response and business continuity plans.
New Zealand’s National Cyber Security Centre (NCSC) has also released advisories encouraging procedures like multi-factor authentication (MFA) enforcement and the use of tools such as the built-in Windows security features available in PowerShell.
In the Philippines, urban planners, property developers and local government units have been urged to integrate cybersecurity investments in smart city blueprints to avoid attacks on the operational technology infrastructure of the country’s future smart cities.
Cybersecurity and Why It's Everyone's Responsibility
Jeremy Daly, Cybersecurity Lead, DDLS
The last two and a half years have seen huge disruption and a shift in the way we go about our lives, both professionally and personally.
And while we have had to adapt - and quickly - to many lifestyle changes, one topic that has gained almost rockstar status, even though it was already highly relevant, is cybersecurity.
It seems like every other week we hear about an individual losing their life savings after falling for an online scam, through either phishing attempts or financial scams. And unfortunately, the threat actors, aka the bad guys, are doing such a good job that it can be hard to work out what is legitimate and what isn’t.
The same can be said for large organisations that have been victims of malicious attacks, resulting in millions and sometimes billions of dollars in losses.
In years gone by, if the bad guys wanted money they would rob a bank, but today they will go after anyone and everyone, from individuals to multimillion-dollar enterprises, as it is easy money for them without the risk that comes with a physical robbery.
So how can we combat this and what can we do to protect ourselves and others from falling victim to these scams?
Many malicious cyber attacks can succeed because of unintentional or accidental actions. This is why human error accounts for a large percentage of all breaches. Everyone has a responsibility these days.
While IT teams will do everything they can to secure the organisation, we can’t rely on them alone. Everyone else also has a responsibility to understand what constitutes a cyber risk and how to identify and protect themselves from malicious activity.
Organisations need their management and cyber professionals to drive this awareness training for employees. This is to ensure that their systems are secure and their data is safe, and to build on the organisation's cyber awareness, especially when the majority of the workforce today is remote.
So what can you do personally to be more security aware?
Remember to stop and think before you act. If you are not sure, or something doesn’t feel right, seek advice.
Never supply login credentials or personal information in response to a text or email.
Use multi-factor authentication to verify any change to account information or wire instructions.
Check the email address on any message you receive for mistakes and be alert to links that may contain misspellings of the actual website name.
Protect your devices with up-to-date anti-virus solutions to prevent browsing to malicious phishing websites, and keep all software and apps up to date on all devices.
Encouraging a Culture of Vigilance and Awareness
The first step in improving cybersecurity awareness should be strategising how to promote a strong security culture – a workplace, household or community that implements the right tools and policies for protection and trains its members in best practices. The next step is to facilitate regular cybersecurity training.
Successful cybersecurity starts at the top – from government policy makers, community leaders and company executive teams. IT teams should also be given avenues to share their stories and insights. (Watch and listen to one of our public sector cyber security students.)
Implementing Regular Cybersecurity Training
The team at DDLS are committed to supporting organisations as they enable their people with cybersecurity skills and knowledge. Enquire about our flexible delivery modalities via DDLS Anywhere. We offer cyber security training across our campuses in Sydney, Perth, Canberra, Adelaide, Brisbane and Melbourne in Australia; in BGC in the Philippines; and in Christchurch, Auckland and Wellington in New Zealand.
You can find information on the cybersecurity training that we deliver, in partnership with organisations like (ISC)2, EC-Council, ISACA and CompTIA, when you access our brochure. You can also reach out to our team to discuss your cybersecurity training requirements.