Importance of mobile highlighted in IBM study

Staying ahead of the curve is becoming increasingly important for organisations across the globe, and technology can be a key driver.

Few other technologies are as important to businesses as mobile, whether for staff or customer use. Smartphones and tablets offer unparalleled productivity and communication benefits, and new ways for companies to stay interconnected.

Companies will now have to begin turning attention to mobile, but it's going to be essential to stay focused on security.

Thanksgiving drives mobile momentum

For the first time ever, mobile device traffic climbed above traditional PCs on the American holiday of Thanksgiving, reaching 52.1 per cent of total online traffic.

In fact, the mobile use continued on Black Friday, which saw online sales rise 9.5 per cent and mobile devices account for one out of every four purchases.

"Mobile has become the new Thanksgiving tradition as consumers find the best deals with their fingers as well as their feet," said Director of IBM Smarter Commerce Jay Henderson.

This is a significant figure, as PCs were traditionally the go-to devices for web services such as shopping. Such a shift means businesses need to take note – as consumers accessing business services on mobile require a different approach.

For example, if customers are purchasing products on mobile devices, they'll need to either optimise their website for mobile or build a version of their site that is solely for handheld devices.

Business should look to the examples set by American companies, which IBM notes have found success.

"We saw retailers harness the power of data to engage shoppers, identifying the unique preferences of their customers while quickly capitalising on online, mobile or in-store trends as they emerge," Mr Henderson said.

Of course, mobile strategies cannot exist without security. Failure to put any protective measures in place while pushing ahead with the trend could result in harm to the company.

Productivity over security

Staff using mobile devices for work stated that security efforts are now being sacrificed for productivity, in a new poll by Raytheon.

A substantial 52 per cent of the survey respondents noted that security is now being "compromised and circumvented" in order to drive further productivity benefits. This sets a dangerous precedent, especially with customers increasingly moving into mobile.

Businesses need to keep mobile security at the top of the priority list, even if it means sacrifices in other areas. While customers may find the service not as capable, the security assurances are invaluable.

Focused mobile strategies are certainly the answer, as they provide a central framework for the business. 

Ashok Sankar, the vice president of Cyber Strategies at Raytheon explained that what's needed are strategies designed to both preserve the mobile user experience while simultaneously keeping security at the top of the priority list.

While these may seem difficult to implement, they're going to prove essential as customer use of mobile devices continues to grow.

A shift to mobile can be made easier, however, if businesses adopt a capable framework.

Deploying a framework

Keeping a handle on mobile operations is certainly no easy task for businesses – regardless of size. Whether a small company or massive enterprise, mobile represents a shift in workflow that requires careful management.

IT and business leaders may want to consider training staff in a best-practice IT management framework such as ITIL. This has been designed specifically to guide IT operations, ensuring they proceed smoothly from the outset.

To learn more about ITIL and how it can be applied to the mobile IT operations of a business, get in touch with the capable team at ALC Training. ALC can deliver courses throughout the Asia Pacific and to countries across the globe.

The top 3 IT security failures

IT security is currently a hot topic among organisations, with data breaches continuing to proliferate across the globe, causing significant financial and reputation damage.

In fact, 1.5 million cyber attacks were logged last year in the US alone by IBM. What's more, the research found companies experienced an average of 16,856 attacks per year. Many of these attacks are unsuccessful, but the statistic serves to paint a troubling view of cyber security.

As with any problem, the solution lies in understanding – and this is especially true in regards to IT security. When organisations are aware of the various threats, it becomes easier to manage risk.

Here are the top three IT security failures and the necessary approaches to cut down on the danger of breaches – regardless of the type or size of an organisation.

1) Misconfigured systems

It's common to believe most data breaches occur due to outside attackers, malicious groups specifically targeting a particular business.

These do make up a percentage of the reason for data breaches, but misconfigured systems and applications actually take the lead as the most common causes. In another IBM study based on 2013 attacks, 42 per cent of all breaches were due to this reason.

These breaches can occur in both small and large organisations, and require diligence to prevent them from happening.

Frequent spot checks of applications and systems are an excellent way to get started, with personnel investigating potential errors or weak points.

2) End user error

This next security failure is another that may not seem to be common, but it accounts for 31 per cent of breaches in the IBM study. These types of failure are those where an individual causes the breach, either with intent or inadvertently.

It's going to be difficult for a business to prevent purposeful data breaches from occurring, but there are ways to reduce the likelihood of an accidental breach.

For example, growing what's called a "culture of security" is one of the more effective measures. This involves training staff on the dangers of data breaches, and how these events can impact not just the company but also their individual productivity.

3) Targeted attacks

Finally, the cause that many may believe is the most common actually only causes 6 per cent of breaches. These are targeted attacks designed from the outset to either cause damage to the IT infrastructure of a business or obtain sensitive information.

Protecting against targeted attacks by an individual or group is difficult, and requires a combination of factors. One of these is a comprehensive security system that's constantly updated and upgraded.

Secondly, a strong security culture and awareness among staff. This is key, as outside attackers may seek to gain access to the organisation through targeted phishing emails designed to extract information or similar method.

Developing the right mindset

Security systems are a necessary step, but they're certainly not the only one. Organisations of all sizes need to know that data breaches can occur due to a number of reasons. The question is, what can these companies do?

A strong approach is the use of a framework such as SABSA, a methodology for developing security architectures within companies. Essentially, SABSA guides the development of risk and opportunity focused architectures at the enterprise and solutions level.

It can also prove useful for aligning and integrating security and risk management into IT architecture processes. By taking the time to collate these processes, organisations can effect more comprehensive security strategies.

To start taking advantage of SABSA, get in touch with the ALC Training team to find out where the necessary certifications can be delivered.

The value of a data-driven approach

Data has the capability to drive businesses forward, providing valuable insight and opportunities for organisations.

Usage is set to see massive growth over the next few years, and the time is now for companies to begin planning an implementation.

In fact, data production is set to be 44 times greater in 2020 than 2009, according to research from CSC. This certainly highlights the speed at which the industry is moving, and the necessity of acting sooner, rather than later.

Failure to consider the benefits of data could mean businesses are left behind as competitors take advantage of useful information.

By using data with the right tools, people and intent, organisations can drive success across a number of areas within the company. For example, by better predicting how different trends impact the business.

Of course, there are a number of challenges that need to be addressed prior to jumping on board.

The benefits and challenges of data

Access to data means it's easier for companies to analyse their particular market, especially when it comes to revealing new insights.

The applications of increased data access are broad, and it means the information can be used by many sectors. For example, a medical institution may take advantage of data to better understand a particular disease, while a supermarket chain could see what products perform well.

If managed correctly, data can also be deployed without interfering with standard business operations. However, there are still challenges.

In a Bain and Company survey, the organisation found that 56 per cent of executive respondents reported they were not up to the challenge of identifying and prioritising relevant insights.

The company explained the required business approach: "Successful analytics teams build those capabilities by blending data, technical and business talent.

The company outlined the required business approach, stating that successful analytics teams blended data, technical and business talent to achieve results.

Security is another key area that requires attention, as increased data access could leave a business with a higher chance of important information leaking – whether or not it's intentional. It's here where a focus on IT security is necessary.

US Department of Energy deploys data-centric technologies

The US Department of Energy has recently recognised the value of data, and adopted a "data centric" approach with IBM. The government department awarded two contracts to develop and subsequently deliver advanced super computing systems focused on data.

According to IBM, these systems could not have come at a better time for the department, as the world is now generating over 2.5 billion gigabytes of data every day.

Managing and analysing this information requires the appropriate systems, which IBM was capable of providing.

Through the use of the data centric approach to architecture, a system pioneered by IBM researchers, the Department of Energy can better manage and effectively utilise relevant information.

The value of project management

As data continues to grow as a key consideration for businesses, it's essential to utilise effective management. Often, a framework such as PRINCE2 is the best course of action.

This methodology, which is taught to employees of a company via a series of courses, provides the necessary knowledge to effectively handle a large business transition, such as a shift to increased data usage.

Once in place, the company can scale operations to take advantage of data, using the more detailed information to benefit operations.

To start the PRINCE2 certification process, it's a good idea to speak to a professional from a leading provider, such as ALC Training.

It's not just government departments that can use data, however, as companies of all sizes can benefit from increased access to information.

Looking ahead, it's going to become ever-more important to consider the value of data implementation as production increases.

Securing mobile devices in a changing threat landscape

Mobile devices are becoming increasingly critical for business operations throughout both small and large organisations. Of course, with an increased uptake comes greater security risk – something that requires attention.

This article will take a look at the use of mobile devices within businesses and potential IT security risks as the threat landscape continues to change.

The growth of mobile

Smartphones have become an essential tool for businesses, growing to rival even the laptop and desktop in terms of necessity. With the modern smartphone, employees are able to stay in touch whilst on the road, share documents and photos from anywhere and operate remotely with a greater degree of freedom.

Simultaneously, tablets are offering robust computing experiences with a high degree of mobility, further negating the need for larger computers.

For many businesses, these tools represent a significant overhaul of traditional operations and this subsequently opens the door to new security risks.

It's essential that companies take all necessary actions to cut down on the chance of security breaches.

Mobile security risks

Mobile malware is growing at a faster pace than last year, according to the TrendLabs 1Q 2014 Security Roundup report from Trend Micro. The number of mobile apps at high risk of malware infection reached two million in this quarter alone.

The company explained that cyber criminal demand for malicious tools and services could be a primary driver of infection growth.

Organisations have a significant challenge ahead when dealing with smartphone security, as attacks can come from insecure applications installed off the internet. These apps could even be installed by staff unaware of the dangers.

However, strategies do exist for mitigating mobile threats, but they could involve a significant rethinking of security within the organisation.

There are two options for handling mobile device security. One is mobile application management (MAM), which involves the company securing only company-specific applications on a device, and the other is mobile device management (MDM). This process differs significantly, involving a company taking control of the entire device and securing every aspect.

While it would appear to be the most secure option, growth of other trends such as bring-your-own-device (BYOD) has meant staff are using their own smartphones – and companies cannot manage every aspect of an employee-owned phone.

As different security threats manifest themselves in the near future, staying on top of data protection for employees will need to remain a top priority. Of course, it's also going to be increasingly important to ensure that customers are safe from potential security threats.

A consequence of failing to deal with proper security is often reputation damage from losing data, and potentially a struggle to return to normal operations.

Any sort of push into mobile requires appropriate security consideration, and the necessary methodologies to deliver cohesive security solutions.

One of these solutions, SABSA, is comprehensive, and relatively easy to implement within an organisation.

Utilising SABSA

SABSA can play a critical role in the security of organisations, as it's a best practice method used by leading organisations across the globe.

Once IT staff have SABSA training, they're capable of ensuring security needs are delivered and subsequently supported.

For organisations wanting to find out more about SABSA, as well as other useful IT frameworks, speak to ALC Training today. Courses can be delivered to all major cities within Australia, as well as other key locations throughout the Asia Pacific and across the globe.

Taking the time to focus on security now is certainly preferable to dealing with the fallout of a significantly damaging security breach.

Dealing with cloud misconceptions

Technology has come a long way in a short space of time, with the cloud standing out as one of the best examples. Improvements to communications, staff workflow and productivity can all be seen through the implementation of new cloud platforms, but there are also misconceptions that can limit the benefits.

It’s especially important that IT leaders understand common cloud misapprehensions, and the most appropriate ways to deal with them.

Understanding and dealing with cloud misconceptions

Like a number of new technologies, the cloud has quickly expanded in use across a number of enterprises and business sectors. In turn, this has resulted in the perpetration of a number of myths – many of which can lead to false expectations.

It’s important that these misconceptions are understood by the IT leaders within an organisation, so as to ensure projects have realistic, achievable goals.

The cloud is applicable everywhere

This is certainly one of the more common myths, and for good reason. A substantial number of technologies have been paired with the cloud to great effect, such as video conferencing, file storage and remote working. In turn, this has lead to an assumption that the technologies can be utilised for any purpose.

For example, a business may operate a legacy application and decide that it’s a good candidate for a transition to the cloud. Unless there are cost savings, however, it’s a good idea to forgo any such implementation and continue operating the legacy platform.

The solution: A project management framework such as PRINCE2 is one of the most effective ways to deal with cloud misconceptions, as it means a concrete plan is put in place from the outset.

Any cloud project undertaken through a proven methodology has clear goals that all personnel involved in the project understand – this is key to ensure success. When everyone is on the same page, there are rarely unrealistic expectations that cloud cause delays or derail the implementation of a cloud platform.

The cloud is less secure than traditional technologies

Moving from traditional IT platforms to a new, cloud-based alternative can be a daunting prospect for businesses of any size, given the change required. In many cases, security concerns are also rampant – but these concerns are often unfounded.

A cloud platform that’s implemented correctly should have the same focus on security as traditional platforms, along with additional layers of security in the form of monitoring. Essentially, a vendor constantly surveys a cloud platform, assessing any possible security threats that could cause issues.

The solution: Businesses may also want an additional security assurance, and a security framework is likely to be of value here.

SABSA is a methodology designed specifically to assist businesses in the creation of useful, risk-focused security architectures. It’s highly effective for organisations of all sizes, given that it’s essentially a group of frameworks, models and processes that can be utilised individually or as a group.

As a result, the methodology can be tailored to the current technology implementation underway within the business, such as the cloud.

There’s no data privacy

A lack of privacy was cited as the most common cloud myth by Microsoft. This almost certainly stems from the misconception that all company data is stored in a central location that’s accessible to other businesses sharing the same storage. In fact, each business using a cloud-based solution is accessing a highly secure section that no other companies have access to. Any possible privacy breach is more likely to come from within the business.

The solution: To ensure that privacy remains a top priority, businesses can again use the PRINCE2 framework. This means a plan is effected that controls who has access to the cloud-based system, thus ensuring only staff that need access are granted it.

Overcoming cloud misconceptions is a necessary step in order for businesses to successfully implement cloud technologies.

 

Related Training:

 

Data analytics and the need for security

Analytics has the capability to bring about substantial change within organisations, whether it's through greater insight into customer trends, or a new perspective on traditional areas of operations.

Further use of Big Data is only serving to accelerate analytics interests, driving uptake of the trend, according to research organisation Gartner.

"Rather than being the domain of a few select groups (for example, marketing, risk), many more business functions now have a legitimate interest in this capability to help foster better decision making and improved business outcomes," said Alexander Linden, a research director at Gartner.

The need to extract useful information, or data science, is going to be essential for organisations in the future.

Inevitable growth in data science

The report went on to detail how the use of data science is inevitable, given the need to extract useful information, and subsequently utilise this for failure prediction as well as growing a customer base.

Of course, with the need for data science also comes the requirement for professionals capable of extracting useful information from large data sets.

"These core skills and soft skills will prove essential in maximising the realised value of your information assets, and discovering opportunities for enhanced business performance and competitive advantage," said Mr. Linden.

Ensuring security

With any new IT endeavour involving the use of greater quantities of data, it's important to ensure that security measures are in place. While systems are commonly the first step for a company, security frameworks are a necessity given the need for business control over data.

Training for either a select group within the business or individual staff members can provide knowledge and certification of world-renowned frameworks.

These can be instrumental in ensuring security is kept a constant focus whenever large quantities of data are being handled. 

New study details inadequate enterprise network security

As enterprises have become increasingly digital over recent years – moving a substantial amount of operations online and onto virtual systems – the risks of a security failure have climbed.

These risks are compounded when new technologies such as cloud computing and mobile devices are introduced into the workflow of the company. This IT advancement certainly shows no sign of slowing down and it's going to be vital to start focusing on both the types of risks and the preventative action organisations can take.

These measures need to go beyond IT security training and systems, into a deeper understanding of IT security threats. In addition, organisations can utilise architectures to develop strong security practices.

Understanding the security risks

IT security risks can manifest in a number of different areas, and it's important that companies understand what can cause these issues.

Below, two areas of security risk have been detailed.

Mobile: Mobile devices have become a mainstay of most modern organisations, in every sector from government to manufacturing. These tools provide powerful collaboration and communication benefits.

However, mobile devices are also open to security breaches if not properly protected. Risk factors range from not securing devices on networks to leaving them unlocked in public spaces. As the devices can access company networks, any attack can result in data breaches.

Cloud-based storage: When properly established, a cloud-based storage solution is highly secure while also offering substantial functionality. Even mobile devices can access these systems, sharing files with other staff on larger computers.

Failing to develop proper security means essentially placing secure data in an open location – something that enterprises need to avoid.

Survey finds troubling statistics

The Enterprise Strategy Group (ESG) recently published a reported titled 'Network Security Trends in the Era of Cloud and Mobile Computing', which detailed a survey conducted across enterprise security.

ESG polled 397 security professionals working within enterprise organisations, asking them to rate their security teams across a number of areas. The results were surprising.

In fact, 44 per cent of organisations stated that they have an inadequate number of staff trained in areas such as security and networking technology. A staggering 47 per cent explained that the actual number of network security staff was inadequate.

"What's most troubling about this data is that network security is nothing new," the ESG report explained.

"Yes, smart product vendors and service providers stand to benefit from the continuous cybersecurity skills shortage but in the meantime, all of our data is at risk."

Security systems need to become an essential part of enterprise strategies, but it's also necessary to begin assessing how strong frameworks can assist with developing security within the organisation.

A strong security architecture

In addition to a strong security system and an understanding of the major threats to enterprise IT, it's essential to also focus on a security framework.

These courses that go into detail when it comes to managing security within a business environment.

SABSA is one of the most appropriate frameworks and methodologies for enterprises, taking a top-to-bottom approach. It guides the company from the initial concept stage through design, implementation and management.

Once in place, organisations have a tool to manage risk and seamlessly integrate security into the wider IT architecture.

Conclusion

IT continues to advance, with new technologies facilitating improved communication and collaboration. Enterprises that prioritise IT security will certainly stand to benefit from reduced data breaches and successful attacks over the next few years.

Of course, these organisations will need to focus on maintaining a strong security culture, including putting frameworks and methodologies in place to better control security.

Speak to ALC Training/PDA today if you need to find out more about appropriate security frameworks for enterprises.

Trust in cloud data security lower than ever

Cloud technologies have brought significant advancement to most areas of business, with larger and more flexible storage capacities and improved data analytics.

There are security concerns, however, especially when important customer and business information is increasingly stored in the cloud. Trust in cloud data security is at an all time low according to a new study from BT (A network firm), and businesses will need to ensure that all cloud endeavours are undertaken with the appropriate IT security.

Failure to do so could result in data breaches that cost the company in terms of both financial and reputation damage.

Declining trust

The study from BT, conducted across international IT decision makers, found that 70 per cent are adopting cloud storage and web applications, but security is lower than ever before. What's more, cloud uptake continues to climb, with adoption of mass market consumer cloud services being implemented by 50 per cent of organisations.

Cloud solutions mean data storage and management is substantially easier, along with Big Data analysis. What's more, cloud technologies have also meant it's easier than ever for staff to collaborate across long distances.

A substantial 52 per cent of survey respondents stated that they were were 'very or extremely anxious' about the exact security implications of a cloud service. This concern is well-founded, as the cloud represents a significant step away from traditional technologies.

Before approaching any new IT endeavour, security should be the top priority – especially if sensitive data is being handled.

"The adoption of cloud services has increased rapidly across the globe. Organisations are looking to reap the numerous benefits – such as scalability, fast deployment and ubiquitous network access – these services can offer," explained Mark Hughes, the president of BT Security.

"I would suggest organisations undertake a thorough risk analysis before opting for mass market cloud services. Every organisation has a different appetite for risk and these needs to be factored into the decision buying equation."

What action can be taken?

Aside from ensuring appropriate security solutions are in place on company systems and networks, there's a great deal more that businesses can do to prevent data leaks from cloud networks.

Growing a culture of security across the organisation will ensure that all staff are constantly aware of the need to secure the cloud system and the actions that can lead to security failures.

While growing this culture may seem difficult, the best course of action is to take on a framework or methodology designed to handle security. ALC Training/PDA offer a substantial number of courses throughout the Asia Pacific, and these can be an important part of a security culture.

There's a high degree of flexibility with these frameworks, and each cover a range of topics.

SABSA

SABSA is a leading security architecture, utilised by organisations across the globe. It's primary function is to deliver cohesive information security solutions to enterprises.

It accomplishes this by ensuring that the security needs of the organisation are designed as part of the IT management infrastructure. Courses take participants through a foundation certificate, advanced risk assurance, governance, architecture and design.

TOGAF

This is an enterprise architecture methodology and framework that's also used by businesses around the world. This framework can be especially useful when paired with SABSA, as individuals within the organisation will have a strong grasp on both security and enterprise architecture.

Together, more effective security solutions can be implemented and maintained. Speak to ALC Training/PDA today if you'd like to find out more about how leading frameworks can be put to use within your organisation.

Educating staff with the right frameworks

Staff are one of the most valuable assets a company can have, and this is amplified when these same employees are highly trained in frameworks and methodologies relevant to the business.

A focus on training means staff can capably respond to a variety of situations and assist whenever required across a range of projects. Whether it's IT security training or a focus on project management, businesses leaders should assess exactly why educating staff is so useful.

Before signing up an office to take part in a training course, it's a good idea to understand why training is useful and what frameworks are best suited to a company.

Why do staff need to be educated?

A well-trained workforce can be one of the most valuable assets for a business, especially in a highly competitive business environment. If employees have a range of skills that can be utilised when required, projects are likely to come in under budget and on time.

What's more, appropriate security courses can help to ensure staff are aware of the danger events such as data breaches pose and the actions required to avoid such attacks.

It's a good idea to focus on long-term results when educating staff and developing skills over a period of time. It can also be good idea to carefully select the staff that are best suited for a particular training course. For example, IT-minded staff could be suited to a course like ITIL, while employees that enjoy management roles might be better suited to COBIT.

If a culture shift is desired, wherein the business wants to move the entire workforce over to a new framework, ensure that clear goals are in place for this transition.

What frameworks are useful for employees?

There are a number of useful courses available for staff education and each offers various benefits. It's important to understand exactly what frameworks are best suited to a company.

ITIL – ITIL is a highly capable framework designed specifically for IT Service Management. It focuses on establishing cross-functional processes and effective communication channels.

PRINCE2 – This methodology, which focuses on project management, can ensure that any sort of project within a business progresses on track. Whether it's a trade show, implementation of a new computer system or even onboarding of new staff – any project can be implemented and managed with PRINCE2.

COBIT5 – Governance in IT is something that can no longer be overlooked by businesses, especially given the importance of these systems in the day-to-day running of an office. COBIT5 is the best way to ensure staff can correctly handle governance.

SABSA – Just like governance, IT security is something that cannot be overlooked. Businesses depend on IT infrastructure for all manner of operations, and that's why SABSA is essential. This is a framework that can ensure business-driven security architectures are put in place.

Where can courses be undertaken?

In order to get started with an appropriate framework or methodology, it's important to firstly understand where exactly courses can be undertaken. ALC Training/PDA offer courses across Asia Pacific in several key cities across Australia, including Brisbane, Perth, Melbourne and Sydney as well as Singapore, Kuala Lumpur and Hong Kong. Of course, programs can also be delivered to anywhere that's required.

The full range of courses are offered at these locations, and the training can be tailored to the exact size requirements of the company. Whether it's a small team that requires training in ITIL, or a larger group that needs to begin COBIT5 certification, ALC Training can help.

Making training a priority

Educating staff needs to become a top business priority, and it's only going to grow more essential as businesses become more competitive. When companies neglect to carry out appropriate staff education, it provides a perfect opportunity for other businesses to surge ahead.

Speak to ALC Training today to get started with an invaluable training program for your staff.

Assessing the benefits of in-house training

Whenever a business decides to adopt a new framework, regardless of whether it's related to IT security or project management, there's a need to enrol employees in the appropriate training courses.

For many companies this can be a significant deterrent, as it means transporting staff to a central city location and possibly even sorting out accommodation. While this can be fine for smaller groups, it's impractical in most cases.

That's where in-house training is most useful, given the range of options and flexibility.

Who provides in-house training?

When sourcing a provider to actually handle the in-house courses, ALC Training is one of the most capable in Australia. They're able to provide training in a number of renowned frameworks and courses such as ITIL, COBIT5 and PRINCE2.

A look at the benefits

In-house training is a straightforward undertaking, but it's always useful to understand the benefits offered. Below is an outline of the ALC Training in-house process benefits.

Effective frameworks and methodologies can overhaul how businesses function, and bring a new level efficiency to many areas of a company.

Contact ALC today to find out more about these frameworks, and how an in-house course can be easily set up wherever required.

McAfee: Australia at risk of cyber attack

Cyber attacks are becoming a serious risk for enterprises and governments, and could be detrimental if no action is taken in the near future.

The global president of McAfee Mike DeCesare recently explained to The Australian Financial Review that Australia is lagging behind other developed nations when it comes to cyber security laws, and a major coordinated attack could come within the next two years.

Changing methods of attack, couple with the reasoning of attackers, is presenting a risk for Australian enterprises and government departments. Understanding the state of Australian cyber security will be essential when formulating appropriate defensive measures.

Changing attacks

In the past, countries such as Australia have been targeted by hostile organisations and nations for financial means, but attacks could increasingly escalate toward disrupting states. Attacks could focus on taking down systems that control critical infrastructure.

"As the world has come online, everybody has recognised that there is an opportunity to modify their strategy… for a government, the cyber attack possibility is just another tool that you have in your bag now," Mr DeCesare said.

He went on to explain how full scale attacks haven't been seen yet, but the world will go this way in the near future. Attacks designed to cause social and economic turmoil were highlighted as growing concern.

"When Russia first went into its war with the Ukraine, there was a very public statement about the fact that their first step was going to be to take out the telecommunications grid, and I do think unfortunately in the next couple of years there will be a very high-profile example."

Such attacks cannot be underestimated, or governments and enterprises could face the risk of debilitating attacks. These certainly have the potential to cause massive financial and reputational damage.

Ideological hacking

Cyber attackers are no longer solely motivated by financial rewards, and so-called 'hacktivism' is increasingly becoming a motivating factor.

This type of attack is motivated through political means, with cyber criminals seeking to promote beliefs such as free speech and human rights. Attacks targeted at organisations could be in response to products sold by the company or other recent actions.

More radical hacking attempts are becoming prominent within Australia, according to James Turner, chairman of the Australian Information Security Association's advocacy group.

"I've spoken to security practitioners that think ideologically driven hacking is already happening in Australia, but that the organisations being targeted are either clueless about what's happening, or they are keeping it ultra quiet," Mr Turner said.

He explained that a lack of communication could be to blame here, especially between government departments and the organisations themselves. Difficulty in spotting bigger problems and formulating appropriate defensive strategies was also outlined.

"The communication channels between IT security and risk executives and their peers at other organisations are based on personal relationships, and consequently ad hoc and inherently fragile."

Many enterprises may be unaware of the dangers of cyber attacks, and subsequently fail to put appropriate security systems in place. On the other hand, security may exist but not of a high enough standard. As such, comprehensive IT security training should become a top priority.

Courses in SABSA can be invaluable, as it's one of the most successful security architectures in the world. Once implemented within an organisation, security is delivered and supported, becoming an integral part of IT management infrastructure. Further levels of education can help to grow an understanding of the architecture and ensure security is constantly at the highest possible level.

Speak to ALC Training today if you'd like to find out more about security architectures for enterprises.

Communicating the need for IT security to executives

A common challenge for many IT professionals is not necessarily putting an effective security system in place, but actually communicating the benefits of this system to executives. Often, neglect can lead to compromises in security.

Enterprises need to understand the necessity of IT security, especially given the chance of a malicious attack occurring. These often cause financial damage and affect reputation – important factors for an enterprise. In order to make security an enterprise priority, IT professionals need to have a plan for communication.

“Executive decision makers want to know the business is adequately protected against risk but need to weigh the risks of yesterday and today against the opportunities of tomorrow,” a Gartner report explained.

A plan is actually quite simple to implement, and Gartner has taken the lead by outlining several steps for businesses.

Formalise security programs

Businesses are likely already familiar with formalising programs, as many within an enterprise need to be both repeatable and measurable. An IT security program, when formalised, should cover governance, planning, building and operating.

Demonstrate value

Executives are almost always focused on driving business growth, and won’t want to hear from a professional about the risks of security negligence. As such, taking the time to demonstrate the value of a program is the best approach.

Measure maturity

A maturity scale is able to measure the security program, and identify gaps for improvement. This scale is also useful for executives, as it’s easily understandable.

The value of certifications

While it’s often difficult to convince managers, it can be even more challenging to ensure security systems have been put in place effectively. This is where certifications like SABSA are invaluable.

This security architecture is one of the most successful in the world, and is an open-use best practice method for delivering cohesive information security solutions. Once a foundation course has been undertaken, professionals will be able to more effectively handle the security needs of an organisation.

Earn your CISSP certification with ALC Training

ALC Training is one of the premier providers of CISSP training. Our 5-day course provides comprehensive insights and learnings on what is recognised as the Gold Standard of security qualifications to help you prepare for the CISSP exam. Learn more about our CISSP certification training here