New study details inadequate enterprise network security

As enterprises have become increasingly digital over recent years – moving a substantial amount of operations online and onto virtual systems – the risks of a security failure have climbed.

These risks are compounded when new technologies such as cloud computing and mobile devices are introduced into the workflow of the company. This IT advancement certainly shows no sign of slowing down and it's going to be vital to start focusing on both the types of risks and the preventative action organisations can take.

These measures need to go beyond IT security training and systems, into a deeper understanding of IT security threats. In addition, organisations can utilise architectures to develop strong security practices.

Understanding the security risks

IT security risks can manifest in a number of different areas, and it's important that companies understand what can cause these issues.

Below, two areas of security risk have been detailed.

Mobile: Mobile devices have become a mainstay of most modern organisations, in every sector from government to manufacturing. These tools provide powerful collaboration and communication benefits.

However, mobile devices are also open to security breaches if not properly protected. Risk factors range from not securing devices on networks to leaving them unlocked in public spaces. As the devices can access company networks, any attack can result in data breaches.

Cloud-based storage: When properly established, a cloud-based storage solution is highly secure while also offering substantial functionality. Even mobile devices can access these systems, sharing files with other staff on larger computers.

Failing to develop proper security means essentially placing secure data in an open location – something that enterprises need to avoid.

Survey finds troubling statistics

The Enterprise Strategy Group (ESG) recently published a reported titled 'Network Security Trends in the Era of Cloud and Mobile Computing', which detailed a survey conducted across enterprise security.

ESG polled 397 security professionals working within enterprise organisations, asking them to rate their security teams across a number of areas. The results were surprising.

In fact, 44 per cent of organisations stated that they have an inadequate number of staff trained in areas such as security and networking technology. A staggering 47 per cent explained that the actual number of network security staff was inadequate.

"What's most troubling about this data is that network security is nothing new," the ESG report explained.

"Yes, smart product vendors and service providers stand to benefit from the continuous cybersecurity skills shortage but in the meantime, all of our data is at risk."

Security systems need to become an essential part of enterprise strategies, but it's also necessary to begin assessing how strong frameworks can assist with developing security within the organisation.

A strong security architecture

In addition to a strong security system and an understanding of the major threats to enterprise IT, it's essential to also focus on a security framework.

These courses that go into detail when it comes to managing security within a business environment.

SABSA is one of the most appropriate frameworks and methodologies for enterprises, taking a top-to-bottom approach. It guides the company from the initial concept stage through design, implementation and management.

Once in place, organisations have a tool to manage risk and seamlessly integrate security into the wider IT architecture.

Conclusion

IT continues to advance, with new technologies facilitating improved communication and collaboration. Enterprises that prioritise IT security will certainly stand to benefit from reduced data breaches and successful attacks over the next few years.

Of course, these organisations will need to focus on maintaining a strong security culture, including putting frameworks and methodologies in place to better control security.

Speak to ALC Training/PDA today if you need to find out more about appropriate security frameworks for enterprises.

Why an overview of IT frameworks and standards is a necessity

There have been a substantial number of IT frameworks and standards developed in recent decades, largely as governments and organisations ran into issues during growth. In addition, an increase in IT usage among companies has led to mismanagement and confusion.

This is where frameworks can help by providing clear guidance for the rollout of new technologies, the management of security infrastructure and the development of projects.

Understanding the need for frameworks and standards

The frameworks have evolved since their initial development, and now ensure that organisations get the best possible return on investment from IT and project undertakings. In place of broad processes, they're able to address company issues and provide real advantages.

Here, several key IT frameworks and their associated benefits have been outlined:

COBIT: Governance and management of IT are key for enterprises, and this is where COBIT excels. This is a tool designed to provide business optimisation and road map tools using proven practices and ground-breaking tools. These can result in IT innovation and business success.

ITIL: This is the most widely adopted IT service management approach for companies across the globe, and for good reason. Once implemented, it provides a practical approach for identifying, planning and delivering IT services to the business, without any issues.

PRINCE2: The PRINCE2 management method is highly structured and has been designed based on the experiences of thousands of prior projects. This gives the tool a depth that few others can match. In addition, it has also received countless contributions from a variety of experts.

MSP: Companies may have trepidation when it comes to approaching programs, but they're essentially just larger projects that evolve in ambiguous environments.

MSP has been adopted by a number of organisations as it's extremely useful when it comes to managing projects, and can ensure they achieve a positive outcome.

These are just four of the available IT standards, and it's easy to see the key differences and where each has strengths. As a result, businesses and IT professionals may want to consider multiple frameworks.

Gaining an overview

Of course, while these frameworks and standards are exceptionally helpful, it's important that businesses and IT leaders understand what they accomplish. By simply taking part in courses without knowing how to best use the frameworks, they won't be fully utilised.

The IT Frameworks and Standards Overview course from ALC Training/PDA is the best option, and can teach businesses what to actually do with frameworks like COBIT, PRINCE2 and ITIL. In addition, the course also details the differences, how they fit together and how they can improve the organisation.

This course focuses on clearing up any confusion about the various standards, and provides management staff with a clear understanding of how they work. In turn, this can lead to more informed decisions when it comes time to actually take advantage of such a framework.

The course is designed for a range of positions within a company, including executive officers, program and project managers and IT staff at various levels, taking place over the course of a single day from 9:30am to 4:00pm.

Conclusion

The IT Frameworks and Standards Overview course should be the first consideration for those looking to take part in a framework, and especially so if multiple standards are being assessed. The value of having a clear overview to best utilise each of the frameworks and their key advantages is important.

Speak to ALC Training/PDA today if you'd like to find out more about the extensive range of courses on offer.

Big Data analytics growth and the industrial internet

Big Data has made waves in the IT sector over the past few years, offering greatly increased capabilities in areas such as predictive analytics and understanding of niche trends.

In fact, a recent study conducted by GE and Accenture found there was a growing urgency for organisations to embrace Big Data analytics – specifically to advance industrial internet strategies. This is a term used to describe the integration of machinery with networked sensors and software, similar to the Internet of Things.

Big Data will need to become a serious part of IT strategies in the near future, if organisations hope to correctly manage this industrial internet trend. It's essential that appropriate considerations are made for the proper management and control of Big Data strategies.

Growth in Big Data analytics

Big Data is currently experiencing strong growth, as greater numbers of organisations begin to realise the benefits of adopting powerful analytics capabilities.

This can be seen in healthcare, in which around one third of surveyed organisations stated they were 'ahead of the game' when it came to analytics. This is according to the Accenture study, which also found around half to be increasing Big Data analytics investments from 10 to 20 per cent of technology budgets.

As analytics technologies becoming increasingly capable, businesses across a number of sectors will certainly want to consider the benefits. This is already being seen in the industrial sector, where companies are using Big Data analytics to handle equipment monitoring.

Big Data and the industrial internet

The industrial internet offers a new approach for enterprises needing to monitor equipment, but the sheer amount of data generated could prove difficult to handle. This is where Big Data is set to be essential, given the management capabilities of the trend.

According to the Accenture study, 65 per cent of companies are currently using Big Data analytics to handle equipment monitoring, but only 29 per cent of a surveyed 250 executives are using Big Data for predictive analytics. While correct monitoring and management of equipment is key, predictive analytics has a real capability to change businesses.

This is a technology that when correctly utilised can identify potential issues before they become larger problems, thus reducing any unnecessary strain on an organisation.

In terms of the industrial internet, it means power generation facilities like wind turbines or solar panel installations can gather and feed relevant information back to the enterprise. If any errors are identified, they are quickly understood and corrected. 

Correctly managing Big Data use

Big Data is a substantial undertaking, and will often mean far more data analysis than most companies are used to. It's in these instances where a management framework can be effectively utilised.

AGILE is one of these frameworks, and is especially useful for technology-focused project management (like Big Data). Once it has been implemented, there's more effective communication between staff and different teams, along with regular reviews of prioritisation and re-planning.

This flexibility is required on modern business projects, and can ensure that efforts never go too far off track.

ALC Training is one of the principle providers in the Asia Pacific of the AGILE framework, and businesses need to consider the value of these hosted courses.

Conclusion

Big Data will certainly continue to experience growth over the next few years, especially as enterprises begin to understand the performance capabilities and benefits. The industrial sector will likely become a centre of this Big Data development, as organisations use powerful analytics to manage power systems and other complex equipment.

Organisations will need to consider how to best integrate Big Data analytics, and take advantage of the appropriate management frameworks.

Understanding AGILE Project Management

Project management is essential for businesses of any size, especially on larger undertakings when there’s significant financial investment tied to the success of the project.

Of course, choosing a methodology can be difficult, and it’s something that requires a fair amount of thought. In many cases, these frameworks can become the default project management tool for all future endeavours, so choosing the best one is key.

This article will explore the AGILE method, the differences from similar frameworks and how it can actually be helpful when used in a project. By knowing how AGILE works, it can become far more effectively utilised.

Understanding AGILE

AGILE offers a different approach to other project management frameworks, with the key focus being on assessment through the development lifecycle. Essentially, regular iterations are performed where teams must develop incremental improvements for products that can also be implemented and shipped in a short timeframe.

This focus on work cycle repetition as well as the products developed, as a result, is called iterative project management. Essentially, it means that every aspect of an undertaking is revisited time and again to ensure it’s still meeting pre-determined objectives.

As such, if there’s an issue encountered or the project needs to be taken in a new direction, time is available to do so.

AGILE is most commonly used in software development projects, as this type of undertaking involves a degree of unpredictability.

Want to become qualified in the world’s leading framework and certification for Agile Project Management?

Sign up to our AgilePM® Foundation / Practitioner Combined course 

What is Scrum?

When researching AGILE, companies may come across Scrum, a method of introducing the AGILE practices into a business environment. Scrum is straight-forward and flexible and utilises AGILE in the form of short iterations.

Scrum is one of the many approaches to the AGILE method of management, alongside DSDM Atern, XP and Crystal.

The ease of use makes Scrum a good launching point into the AGILE method.

How does Scrum differ from PRINCE2?

The range of project management methodologies can it hard to discern differences, but there are key points of distinction that businesses need to be aware of. This is especially true when comparing the tool to PRINCE2.

AGILE offers a far more distinct program than PRINCE2 and the associated training courses, promising greater flexibility when used in a project. For example, deliverables can be produced without the need for major reworking, making it useful when the project takes a different turn.

Tasks can also be broken down into smaller and more manageable stages, allowing risk reduction by way of earlier assessment. However, AGILE can set unattainable expectations in place if it’s not fully understood by those using it.

In addition, AGILE is most beneficial to software development, and PRINCE2 could be a more appropriate general framework for businesses.

How does AGILE help a project?

Adaptability is key in a modern business environment, especially when the requirements of a project are prone to change. In these areas, AGILE can be most useful.

AGILE can assist business projects in the following ways:

Delivering improved communications: Communications are improved by correctly identifying and informing stakeholders, conducing planned work reviews at all appropriate organisational levels and holding daily communications with the team

Building trusted teams: Teams utilising AGILE are self-directed and empowered, with managers that facilitate teams without needing to direct them. In addition, there also fixed time scales and budgets to ensure projects come in as expected.

Regardless of whether PRINCE2 training has already been performed, it’s a good idea to consider the benefits of AGILE. This is a robust approach to project management that’s designed to handle the modern, ever-changing project environment.

When used alongside PRINCE2, businesses have a tool that can be used to improve project delivery and success.

Why is a project management method needed?

Many organisations understand the necessity of maintaining control over projects – especially given the high chance of failure. Whether it's a conference or implementation of a new system, all projects require a strong management infrastructure.

Understanding the common reasons that project fail, and the necessary steps to prevent project failure in the future is key, and should become a part of business strategies.

Why projects fail

In many cases, project failure is due to mismanagement, when a number of those involved on the management have conflicting ideas about how exactly the project should unfold. In addition, they may also have different ideas about when exactly various aspects of a project should be completed.

This leads to miscommunication and a higher rate of failure.

When a project fails, the cost can often be quite high for the company, regardless of whether or not it's known to the public. It often means needing to begin the project again – something that's obviously best avoided.

A project management method is the answer here, and can solve the majority of the key management issues that organisations are likely to encounter.

Putting a project management method in place

By utilising a good project management method, businesses have access to a tool that can be applied to any number of project undertakings. Essentially, it's a guide that takes a project through to completion with a set of controlled and visible activities.

The PRINCE2 framework is the best option for organisations, as it uses principles that can be applied to a number of projects. What's more, it's also been used by businesses and government departments around the world to effectively handle projects.

ALC Training/PDA can deliver PRINCE2 courses anywhere in the Asia-Pacific region and other locations across the globe where and when required. 

Managing increased cloud growth

Cloud technologies bring a number of innovations to businesses, such as more capable collaboration, communication and improved flexibility.

These advantages over traditional technologies have been a significant driver in the uptake of the cloud, and will certainly continue to push growth

Of course, it's essential that organisations understand how to best manage the implementation of new cloud technologies and the most effective approaches.

Australian cloud growth

Cloud uptake is on the rise in Australia, with a recent forecast by research firm DCD Intelligence predicting that by the end of 2014, nearly 50 per cent of Australian businesses will have deployed cloud systems, or at least have projects underway.

Hybrid cloud projects were identified as a primary method of deployment, which is certainly due to the benefits of utilising two (private and public) capable cloud frameworks.

In turn, the study noted that cloud architecture grew from 11 per cent globally in 2011 to 35 per cent in 2014.

Managing uptake

While upgraded systems and improved infrastructure are necessary to handle new cloud systems, it's equally important that organisation staff understand how to manage these technologies. Simply putting a new cloud data storage system in place without correct management is likely to bring about a significant number of issues.

Two of the most appropriate frameworks to handle a cloud project have been detailed below.

PRINCE2 – This is a framework utilised by the Australian government and a number of organisations in the private sector. It offers a best practice project management model that ensures projects are always delivered to budget and at the appropriate level of quality.

TOGAF – TOGAF is an enterprise architecture methodology designed to improve business efficiency – key when implementing a new technology.

Speak to ALC Training/PDA today to find out more about PRINCE2 training and other world-renowned frameworks and methodologies.

Making use of the Agile framework

Running projects in businesses of any size can be difficult, and there's often a risk of deadline and budget overruns without careful management.

These can be substantial setbacks, and need to be avoided where possible. The question is, what's the best way for organisations to more effectively approach projects?

Capable project management training, along with a focus on IT governance, should become considerations for businesses.

A leaner approach to projects

In organisations of any size, projects are a certainty, but undertaking and managing them effectively is a different issue altogether. This is where the Agile Project Management (AgilePM) framework is especially useful, as it's designed specifically for project-focused environments.

Once personnel have been given the appropriate training, they have access to an approach that enables faster response to project change, and they can more effectively implement new initiatives. This approach means that even projects currently underway can be altered or steered in a new direction with ease.

Agile is accredited by APMG international, and based on proven fundamentals. Once businesses have begun using the framework, projects can be delivered to a high standard with improved visibility. In addition, there's added project empowerment provided by Agile.

Beginning an Agile course

The best way to implement the Agile framework in business is through a comprehensive training course, one tailored to the needs of the company. These courses ensure that the participants can handle a variety of projects effectively.

Whether it's for five staff or 20, ALC Training/PDA can provide training within the Asia-Pacific region and deliver courses wherever required to countries across the globe.

A course with ALC will focus on laying the appropriate foundation for Agile projects, provide a comprehensive understanding of how Agile projects are supposed to be managed and clarifying the different management styles.

Businesses should consider the value of Agile training, and the benefits it can have on a variety of projects.

Trust in cloud data security lower than ever

Cloud technologies have brought significant advancement to most areas of business, with larger and more flexible storage capacities and improved data analytics.

There are security concerns, however, especially when important customer and business information is increasingly stored in the cloud. Trust in cloud data security is at an all time low according to a new study from BT (A network firm), and businesses will need to ensure that all cloud endeavours are undertaken with the appropriate IT security.

Failure to do so could result in data breaches that cost the company in terms of both financial and reputation damage.

Declining trust

The study from BT, conducted across international IT decision makers, found that 70 per cent are adopting cloud storage and web applications, but security is lower than ever before. What's more, cloud uptake continues to climb, with adoption of mass market consumer cloud services being implemented by 50 per cent of organisations.

Cloud solutions mean data storage and management is substantially easier, along with Big Data analysis. What's more, cloud technologies have also meant it's easier than ever for staff to collaborate across long distances.

A substantial 52 per cent of survey respondents stated that they were were 'very or extremely anxious' about the exact security implications of a cloud service. This concern is well-founded, as the cloud represents a significant step away from traditional technologies.

Before approaching any new IT endeavour, security should be the top priority – especially if sensitive data is being handled.

"The adoption of cloud services has increased rapidly across the globe. Organisations are looking to reap the numerous benefits – such as scalability, fast deployment and ubiquitous network access – these services can offer," explained Mark Hughes, the president of BT Security.

"I would suggest organisations undertake a thorough risk analysis before opting for mass market cloud services. Every organisation has a different appetite for risk and these needs to be factored into the decision buying equation."

What action can be taken?

Aside from ensuring appropriate security solutions are in place on company systems and networks, there's a great deal more that businesses can do to prevent data leaks from cloud networks.

Growing a culture of security across the organisation will ensure that all staff are constantly aware of the need to secure the cloud system and the actions that can lead to security failures.

While growing this culture may seem difficult, the best course of action is to take on a framework or methodology designed to handle security. ALC Training/PDA offer a substantial number of courses throughout the Asia Pacific, and these can be an important part of a security culture.

There's a high degree of flexibility with these frameworks, and each cover a range of topics.

SABSA

SABSA is a leading security architecture, utilised by organisations across the globe. It's primary function is to deliver cohesive information security solutions to enterprises.

It accomplishes this by ensuring that the security needs of the organisation are designed as part of the IT management infrastructure. Courses take participants through a foundation certificate, advanced risk assurance, governance, architecture and design.

TOGAF

This is an enterprise architecture methodology and framework that's also used by businesses around the world. This framework can be especially useful when paired with SABSA, as individuals within the organisation will have a strong grasp on both security and enterprise architecture.

Together, more effective security solutions can be implemented and maintained. Speak to ALC Training/PDA today if you'd like to find out more about how leading frameworks can be put to use within your organisation.

Considering the effectiveness of TOGAF

Enterprise architecture is strongly linked to business efficiency, and just like IT governance, it's important that companies utilise proven methodologies and frameworks.

Businesses that adopt an appropriate standard such as TOGAF (The Open Group Architecture Framework), will find more consistent standards and communication among enterprise architecture professionals. TOGAF also means resources can be utilised effectively. 

TOGAF9 usage has increased by 25 per cent in the last six months alone, with growth certainly set to continue over the remainder of this year. This is according to analysis conducted by Foote Partners, an IT industry researcher with a special focus on skills and qualifications.

Before proceeding with training, it's often a good idea for both businesses and IT professionals to understand what TOGAF actually is and how training is structured.

What is TOGAF?

TOGAF is a renowned and proven enterprise architecture methodology, and is currently utilised by organisations across the globe, largely to improve efficiency. Once a business or individuals have undertaken the necessary training, operational benefits can be seen on a regular basis.

This is a framework built on open standards, meaning it can be put in place as an enterprise architecture for free. When companies are looking to cut back on expenditure, a reliable and free framework could be hard to overlook.

What's more, as it's a widely adopted framework, staff are likely to have had the appropriate training, thus making hiring a far simpler process.

While efficiency is the primary focus of TOGAF, there are other areas where the framework is useful.

The course structure

TOGAF courses are easy to understand, and the structure is quite similar to other popular frameworks and methodologies. With ALC Training/PDA, participants only need to take part in a four day course, covering two separate modules. These can be taken either separately or together.

The focus is on both the practical application of the framework in realistic scenarios, and also provides additional knowledge needed for higher certification.

Foundation Module

This first course is classroom based, and features interactive content designed to engage participants. It covers the Foundation Level One curriculum, including specific examples of architecture deliverables and artefacts.

Upon completion of this course, participants will be able to complete the TOGAF Level One exam (TOGAF 9 Foundation). In addition, this course validates the knowledge the participants have gained and ensures they understand the core principles of TOGAF and enterprise architecture in general.

Practitioner Module

Following completion of the Foundation Module, participants move onto the Practitioner Module. This course also takes place over a period of two days, and moves the focus to practical applications. The foundation knowledge is built upon, along with comprehension, by using practical scenarios for participants to test their knowledge.

Basically, it provides validation that the participant can apply the necessary knowledge of TOGAF to various scenarios.

Appropriate training

ALC Training/PDA offer courses throughout the Asia Pacific in several key cities across Australia, including Brisbane, Perth, Melbourne and Sydney as well as Singapore, Kuala Lumpur and Hong Kong. Programs can also be delivered to anywhere else that's required.

Speak to ALC Training/PDA today if you'd like to find out more about how these frameworks and methodologies can benefit an organisation. ALC Training/PDA also offer courses in IT security and the ITIL framework.

Educating staff with the right frameworks

Staff are one of the most valuable assets a company can have, and this is amplified when these same employees are highly trained in frameworks and methodologies relevant to the business.

A focus on training means staff can capably respond to a variety of situations and assist whenever required across a range of projects. Whether it's IT security training or a focus on project management, businesses leaders should assess exactly why educating staff is so useful.

Before signing up an office to take part in a training course, it's a good idea to understand why training is useful and what frameworks are best suited to a company.

Why do staff need to be educated?

A well-trained workforce can be one of the most valuable assets for a business, especially in a highly competitive business environment. If employees have a range of skills that can be utilised when required, projects are likely to come in under budget and on time.

What's more, appropriate security courses can help to ensure staff are aware of the danger events such as data breaches pose and the actions required to avoid such attacks.

It's a good idea to focus on long-term results when educating staff and developing skills over a period of time. It can also be good idea to carefully select the staff that are best suited for a particular training course. For example, IT-minded staff could be suited to a course like ITIL, while employees that enjoy management roles might be better suited to COBIT.

If a culture shift is desired, wherein the business wants to move the entire workforce over to a new framework, ensure that clear goals are in place for this transition.

What frameworks are useful for employees?

There are a number of useful courses available for staff education and each offers various benefits. It's important to understand exactly what frameworks are best suited to a company.

ITIL – ITIL is a highly capable framework designed specifically for IT Service Management. It focuses on establishing cross-functional processes and effective communication channels.

PRINCE2 – This methodology, which focuses on project management, can ensure that any sort of project within a business progresses on track. Whether it's a trade show, implementation of a new computer system or even onboarding of new staff – any project can be implemented and managed with PRINCE2.

COBIT5 – Governance in IT is something that can no longer be overlooked by businesses, especially given the importance of these systems in the day-to-day running of an office. COBIT5 is the best way to ensure staff can correctly handle governance.

SABSA – Just like governance, IT security is something that cannot be overlooked. Businesses depend on IT infrastructure for all manner of operations, and that's why SABSA is essential. This is a framework that can ensure business-driven security architectures are put in place.

Where can courses be undertaken?

In order to get started with an appropriate framework or methodology, it's important to firstly understand where exactly courses can be undertaken. ALC Training/PDA offer courses across Asia Pacific in several key cities across Australia, including Brisbane, Perth, Melbourne and Sydney as well as Singapore, Kuala Lumpur and Hong Kong. Of course, programs can also be delivered to anywhere that's required.

The full range of courses are offered at these locations, and the training can be tailored to the exact size requirements of the company. Whether it's a small team that requires training in ITIL, or a larger group that needs to begin COBIT5 certification, ALC Training can help.

Making training a priority

Educating staff needs to become a top business priority, and it's only going to grow more essential as businesses become more competitive. When companies neglect to carry out appropriate staff education, it provides a perfect opportunity for other businesses to surge ahead.

Speak to ALC Training today to get started with an invaluable training program for your staff.

Assessing the benefits of in-house training

Whenever a business decides to adopt a new framework, regardless of whether it's related to IT security or project management, there's a need to enrol employees in the appropriate training courses.

For many companies this can be a significant deterrent, as it means transporting staff to a central city location and possibly even sorting out accommodation. While this can be fine for smaller groups, it's impractical in most cases.

That's where in-house training is most useful, given the range of options and flexibility.

Who provides in-house training?

When sourcing a provider to actually handle the in-house courses, ALC Training is one of the most capable in Australia. They're able to provide training in a number of renowned frameworks and courses such as ITIL, COBIT5 and PRINCE2.

A look at the benefits

In-house training is a straightforward undertaking, but it's always useful to understand the benefits offered. Below is an outline of the ALC Training in-house process benefits.

Effective frameworks and methodologies can overhaul how businesses function, and bring a new level efficiency to many areas of a company.

Contact ALC today to find out more about these frameworks, and how an in-house course can be easily set up wherever required.

McAfee: Australia at risk of cyber attack

Cyber attacks are becoming a serious risk for enterprises and governments, and could be detrimental if no action is taken in the near future.

The global president of McAfee Mike DeCesare recently explained to The Australian Financial Review that Australia is lagging behind other developed nations when it comes to cyber security laws, and a major coordinated attack could come within the next two years.

Changing methods of attack, couple with the reasoning of attackers, is presenting a risk for Australian enterprises and government departments. Understanding the state of Australian cyber security will be essential when formulating appropriate defensive measures.

Changing attacks

In the past, countries such as Australia have been targeted by hostile organisations and nations for financial means, but attacks could increasingly escalate toward disrupting states. Attacks could focus on taking down systems that control critical infrastructure.

"As the world has come online, everybody has recognised that there is an opportunity to modify their strategy… for a government, the cyber attack possibility is just another tool that you have in your bag now," Mr DeCesare said.

He went on to explain how full scale attacks haven't been seen yet, but the world will go this way in the near future. Attacks designed to cause social and economic turmoil were highlighted as growing concern.

"When Russia first went into its war with the Ukraine, there was a very public statement about the fact that their first step was going to be to take out the telecommunications grid, and I do think unfortunately in the next couple of years there will be a very high-profile example."

Such attacks cannot be underestimated, or governments and enterprises could face the risk of debilitating attacks. These certainly have the potential to cause massive financial and reputational damage.

Ideological hacking

Cyber attackers are no longer solely motivated by financial rewards, and so-called 'hacktivism' is increasingly becoming a motivating factor.

This type of attack is motivated through political means, with cyber criminals seeking to promote beliefs such as free speech and human rights. Attacks targeted at organisations could be in response to products sold by the company or other recent actions.

More radical hacking attempts are becoming prominent within Australia, according to James Turner, chairman of the Australian Information Security Association's advocacy group.

"I've spoken to security practitioners that think ideologically driven hacking is already happening in Australia, but that the organisations being targeted are either clueless about what's happening, or they are keeping it ultra quiet," Mr Turner said.

He explained that a lack of communication could be to blame here, especially between government departments and the organisations themselves. Difficulty in spotting bigger problems and formulating appropriate defensive strategies was also outlined.

"The communication channels between IT security and risk executives and their peers at other organisations are based on personal relationships, and consequently ad hoc and inherently fragile."

Many enterprises may be unaware of the dangers of cyber attacks, and subsequently fail to put appropriate security systems in place. On the other hand, security may exist but not of a high enough standard. As such, comprehensive IT security training should become a top priority.

Courses in SABSA can be invaluable, as it's one of the most successful security architectures in the world. Once implemented within an organisation, security is delivered and supported, becoming an integral part of IT management infrastructure. Further levels of education can help to grow an understanding of the architecture and ensure security is constantly at the highest possible level.

Speak to ALC Training today if you'd like to find out more about security architectures for enterprises.