Digital Business

ASBFEO backs banking industry pledge to head off scammers crippling small businesses

THE Australian Small Business and Family Enterprise Ombudsman (ASBFEO), Bruce Billson, has welcomed the significant commitment announced today by the banking industry to "better support small businesses to combat scams".

Mr Billson said a $100 million upgrade across the banking sector to confirm who money is being paid to by matching names with account numbers will particularly benefit small businesses who too often fall victim to the invoice substitution scam. 

“Nefarious cyber criminals can wreak havoc for a small business but sadly the number of scams and the size of the losses for small and family businesses is growing,” Mr Billson said.

“When a criminal impersonates your business, it not only costs you and your customers money but can damage your brand and lead to a loss of consumer trust and confidence and the ability to operate. Too often, it can be an enterprise-ending event for a small business.”

Scamwatch data shows small businesses lost $13.7 million to scams last year, a 95 percent increase compared with the previous year. The biggest contributor to these losses was payment redirection scams.

Mr Billson said small businesses had been particularly vulnerable to the invoice substitution scam – also called payment redirection scams or business email compromise – where cyber criminals get into their computer system and intercept emails to customers and insert different bank account details.

“A small business sends an invoice to somebody and the criminal changes the banking details," Mr Billson said. "When it lands in the customer's inbox, it looks legit and is a bill they were expecting so they pay it. The money goes to the criminal’s bank account and is quickly shifted, usually to crypto currency, and is gone.

“These jokers run off with the money, the customer has done their dough, and the small business hasn’t been paid," he said.

“ASBFEO has been highlighting the urgent need for a ‘confirmation of payee’ scheme to be introduced in Australia, noting similar programs operate in other countries offering a really practical safeguard. This ensures people can confirm they are transferring money to the person intended and that names are matched to BSB and account numbers.

“Today’s pledge by the banking industry to roll out a new confirmation of payee system will go a long way to stopping scammers being able to divert invoice payments by simply and silently changing a bank account number.”

Mr Billson noted the package of measures announced by the Australian Banking Association and the Customer Owned Banking Association will apply to commercial banks, customer owned banks, mutual banks, building societies and credit unions.

It will include more use of biometric checks and other controls to prevent scammers opening fraudulent bank accounts in other people’s names by using stolen information from driver’s licences, passports and other identity documents.

There will also be increased warnings and payment delays for suspicious transactions, limits on high-risk payment channels, which can include crypto platforms, and greater intelligence sharing across the banking sector using the Australian Financial Crimes Exchange.

However, Mr Billson said beating the scammers relied upon everyone being at their best by doing what they can to tackle the scourge of cyber crime and to “listen to our Spidey senses if something doesn’t seem right”.

“Business owners wouldn’t leave the door open with the light on at night when there's no one there, so they must take the right steps and safeguards in the digital world,” Mr Billson said.

“Telecommunication companies are trying to do their bit via what's called a ‘clean pipes’ initiative, where they cut off a lot of cyber threat traffic through the telecommunications infrastructure.

“And just last week the Australian Government announced two programs offering small businesses practical help to minimise the chance of falling victim to a cyber attack and to better prepare them to bounce back."

Mr Billson said next week is Scam Awareness Week and an ideal time for small business owners to take a few extra moments to check they have appropriate safeguards in place.

“Scamwatch says three in every four scam reports involve criminals pretending to be people we should trust,” Mr Billson said.

The new National Anti-Scam Centre said small business owners who feared they had fallen victim should contact the Report a Scam website (www.scamwatch.gov.au/report-a-scam) and dedicated resources to combat scams can be found at www.scamwatch.gov.au.

The Australian Cyber Security Centre, through the cyber.gov.au website, provides resources and guides for small businesses on how to manage information and secure their businesses, including a free Cyber Security Assessment Tool that can help identify the cyber security strengths of a business and learn how to improve cyber security: www.cyber.gov.au/resources-business-and-government/essential-cyber-security/smallbusiness

The website also contains information on how to recover, and small businesses can report cyber attack incidents through 1300 CYBER1.

The ASBFEO website includes simple steps and a checklist to better protect small businesses: asbfeo.gov.au/resources-tools-centre/cyber-security.

ASBFEO's website also has a video offering tips which can be viewed at: www.youtube.com/watch?v=lxoZ1vjbalg

 

ends

 

Cyber attacks and other key misconceptions that derail the cloud journey for small-medium businesses

By Josh McHugh-Cullen

MANY small to medium business (SMB) owners share a common misconception. In a world of rapidly accelerating cybercrime targeting enterprises, public infrastructure, and even governments, they often think they are far too small to entice hackers or cybercriminals.

On the one hand, cyberattacks on SMBs are unlikely to make the news in the same way that breaches impacting the personal details of millions of Australians will. However, that does not mean SMBs are immune to attacks.

Between July 2021 and June 2022, the Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports. The average cost per cybercrime reported was over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses. Unfortunately, SMBs are being targeted by threat actors, and the costs are significant. 

Cyberattacks are increasingly sophisticated and SMBs are being targeted because they are often viewed as easier targets than enterprises that are able to invest heavily in cybersecurity.

This means that SMB leaders need to prioritise cybersecurity in the most effective and cost-efficient way possible—which is migrating to the cloud and leveraging built-in, cloud-first security protocols.

Improved security is only one of the many benefits of the cloud for SMBs. Access to new business models, reduced costs, improved collaboration, and better opportunities for innovation are giving SMBs an edge in the competitive market.

Misconceptions are derailing the cloud journey for SMBs

Despite these benefits, some SMBs are still hesitant about the cloud. The most common concerns include:  

  • Security: SMBs often fear that cloud services might be more susceptible to hacking, data breaches, or unauthorised access compared to on-premises solutions.
  • Cost: while cloud services reduce costs in the long term, initial costs and ongoing subscription fees are sometimes believed to be more expensive than existing on-premises servers.
  • Customisation: out-the-box cloud services are built to cater to a broad audience, and this lack of customisation can be frustrating for SMBs that have unique processes or specific workflow requirements. 
  • Dependency: when a business moves its data and services to the cloud, it becomes dependent on the cloud service provider, creating concerns about business continuity and reliability. 
  • Compliance: SMBs might not be sure if the cloud provider meets the necessary compliance standards or how to ensure that they remain compliant while using cloud services. 
  • Data sovereignty: data is subject to the laws and governance structures of the country in which it is located. By storing data in the cloud, it might be stored in a different country with different laws regarding data privacy and security.  
  • Legacy systems: transitioning to the cloud can mean abandoning investments into legacy systems.

While these concerns are persistent, even after many cloud-native businesses have proven the agility and flexibility of operating in the cloud, they are unfounded.

For example, the cloud can mitigate the risk of cybercrime and prevent hackers from accessing and capitalising on sensitive data that can compromise employees, suppliers, customers, and businesses. Cloud migration can be a minimal initial investment that opens up more budgeting agility with fixed monthly subscription costs or pay-per-use consumption models.

The dependency on cloud up-time is also an unfounded fear, as most clouds have several redundancies built in, offering high levels of guaranteed uptime. Similarly, out-the-box services are built on best practice and actually help SMBs to follow tried and tested processes that support business growth rather than investing in expensive customisations that are difficult to scale.  

Finally, the cloud offers SMBs the ability to reduce costs associated with IT teams, deliver on-demand work environments, provide readily accessible data in real-time, and improve decision-making and the customer experience.

Simplified migrations to the cloud

Operating in the cloud can be both simple and intuitive; however, migrating to the cloud is often more complex than many SMBs expect. A DIY approach tends to feed into the concerns SMBs initially had, derailing digital transformation even further.  

The different types of clouds and services, each with their own advantages and disadvantages, can be overwhelming. Migration to the cloud requires a thorough assessment of the business’s infrastructure, careful planning, testing and retesting, scaling, and ongoing management.

Enlisting the support of experienced partners can alleviate the complexity associated with cloud migration and help SMBs identify the best cloud solution for their needs while providing guidance on using these solutions effectively. 

 

About the author

Josh McHugh-Cullen is the regional sales executive for ECI Software Solutions. ECI Software Solutions’ mission is to empower the entrepreneurial spirit, assisting small and medium-sized businesses to compete and grow by providing industry expertise and purpose-built solutions that make doing business easier. www.ecisolutions.com

ends

Cybersecurity checklist for working remotely 

WHILE REMOTE WORK offers flexibility and new opportunities, it also presents cybersecurity challenges.

As more organisations adopt remote and hybrid working practices, there is an increase in access to sensitive data from various locations. This has caused targeted attacks to rise, often exploiting human emotions through tactics like phishing, pretexting, and baiting.  

TeamViewer Asia-Pacific president, Sojung Lee, said, “Social engineering attackers have used these tactics for a long time. These tactics work because they prey on human nature, manipulating it to gain unauthorised access to confidential information. 

“Unfortunately, attacks are becoming more personalised and targeted, making it essential for every team to recognise these dangers and be prepared to fight against them.” 

Cybersecurity checklist for remote working 

Ms Lee said very few people were information technology (IT) experts and many may not know where to start. However, following the advice of a cybersecurity checklist can help companies keep safe from cyber threats, even when employees are working remotely. 

Check 1 — Education and awareness:  

  • Recognise targeted attacks: regularly train staff to identify spear phishing, whaling, and other targeted attacks that exploit personal information. 
  • Avoid unknown devices and baiting: educate employees not to plug unfamiliar devices like USBs into their systems. Highlight the risks of baiting, where malicious devices are left for workers to find.
  • Implement protocols against pretexting: establish protocols and code words to minimise risks from pretexters impersonating legitimate access holders, such as vendors or technical support. 
  • Encourage caution with personal information: warn against sharing personal details that could be used in spear phishing campaigns. 
  • Promote continuous education: emphasise that ongoing learning is the cornerstone of cybersecurity, especially in remote settings. 

Check 2 — Implement protocols and leverage technology: 

  • Use multi-factor authentication (MFA): employ MFA for connections and accounts for added security. 
  • Restrict USB port usage: control access to USB ports or use alternatives that remove the need for physical devices. 
  • Implement secure access features: use methods that ensure connection without passwords for stronger validation. 
  • Leverage certificates: company-wide certificates, paired with trusted services that allow their implementation, provide easy and highly secure access. 

Check 3 — Promote password best practices:

  • Encourage unique passwords: advocate for different passwords across various sites and services. 
  • Recommend trusted password managers: promote the use of reliable tools for secure password storage.
  • Cultivate good password hygiene: foster a culture that appreciates and practises secure password habits.

“In a world where remote access is integral to business, organisations need to take full responsibility and implement a strict zero-trust policy, limiting access to critical resources and confidential information with designated role management and conditional access capabilities,” Ms Lee said.

“Together with an educated workforce, organisations can build a resilient, multi-layered defence, mitigating the constant threat of security incidents.

“Having a cybersecurity checklist is more than just a set of guidelines, it’s an essential part of business strategy in the remote working era,” she said.

“By adhering to these principles and leveraging the right technological solutions, organisations can maintain integrity and resilience against the constantly evolving cyber threats. 

“It’s essential to always err on the side of caution and recognise that social engineering preys on human nature itself. Understanding this is the key to preventing companies from becoming the next victim of these time-tested strategies.” 

www.teamviewer.com

ends

Australian businesses strengthen cybersecurity, rattled by major organisational breaches

AUSTRALIAN enterprise leaders are steadily recognising and unearthing growing threats, assessing risks and changing strategies to better detect and respond to attacks, according to a new ISG Provider Lens report.

The recent series of damaging, high-profile data leaks in Australia has changed the way Australian organisations approach enterprise security and procure cybersecurity services, according to the new research published today by Information Services Group (ISG, Nasdaq: III), a global technology research and advisory firm with runs on the board in cybersecurity.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia has found the attacks revealed escalating threats and changed cybersecurity from solely an information technology (IT) issue to a closely monitored enterprise challenge.

“Australian companies recognise the business dangers of data leaks,” ISG Cybersecurity director for ANZ and Asia Pacific, Joyce Harkness said.

“Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.” 

The Australian Government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organisations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives.

More recently, the Federal Government unveiled the 2023-2030 Australian Cyber Security Strategy, aimed at making Australia one of the most cyber secure nations in the world by 2030. The government also appointed Australia’s first cyber security coordinator and began operationalising the Security of Critical Infrastructure Act 2018.

Plugging security capability gaps

Recent attacks revealed that even large Australian enterprises had cyber capability gaps, the report said.

Most had invested heavily in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the ‘attack surface’ has expanded with the rise of remote work, digital engagement, an expanding supply chain and the internet of things (IoT).

Mistakes inside organisations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.

ISG reported that, as a result, Australian enterprises had “begun to assess their risk tolerance, evaluate current controls and take an ‘assume breach’ approach, recognising that not all breaches can be prevented and focusing on rapid detection and response”.

As they migrate to the cloud over the next few years, many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report said.

The report deduced that companies with multiple cybersecurity tools, “which often generate false positives that require manual intervention”, will also need greater automation and interoperability to relieve the pressure on security operations centres (SOCs). The role of artificial intelligence (AI) is expected to grow exponentially, often to secure IoT assets.

“We expect strong growth in the Australian security market over the next five years,” ISG Provider Lens Research partner and global leader, Jan Erik Aase said.

“Enterprises and providers will be investing heavily in both new technologies and essential skills.”

Australian business tries to get it right

The report also explored other cybersecurity trends in Australia, including the increasing adoption of zero-trust frameworks and next-generation identity and access management (IAM) to maintain high-level security while enabling improved customer experience.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia evaluates the capabilities of 82 providers across six quadrants: identity and access management (IAM), extended detection and response (XDR), security service edge (SSE), technical security services, strategic security services, and managed security services (SOC).

The report named IBM as a leader in four quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, NTT DATA, Telstra, Tesserent, Verizon Business and Wipro as Leaders in three quadrants each. Microsoft is named as a Leader in two quadrants.

Bitdefender, Broadcom, Cato Networks, CGI, Cisco, CrowdStrike, CyberArk, EY, Forcepoint, HCLTech, Infosys, Kasada, KPMG, Netskope, Okta, Palo Alto Networks, Ping Identity, PwC, SailPoint, Tech Mahindra, Unisys, Versa Networks, VMware and Zscaler are named as leaders in one quadrant each.

In addition, Kyndryl is named as a ‘rising star’ — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. BeyondTrust, HPE (Aruba), Macquarie Telecom Group and SentinelOne are named as rising stars in one quadrant each.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia is available through https://isg-one.com

 

ends

Why investing in reliable payment gateways is crucial for business success

By Ricky Blacker

AN ONLINE STORE’s primary purpose is to generate conversions. To succeed, the website must provide an efficient, secure and positive customer experience.

With digital wallets increasingly overtaking credit cards for online payments (Global Payments Report FIS), it is more important than ever for businesses to accommodate a range of payment methods and ensure they function smoothly.

Payment gateways are what make online payments possible, as they connect a business’s website to its merchant account, such as PayPal or Stripe. Depending on the merchant(s) selected, a business can accept payments in a range of currencies and leverage different plug-ins to tailor the checkout process based on business and customer preferences. 

It’s important to choose a strong, reliable payment gateway to protect the reputation and financial success of the business. An inefficient payment gateway, or worse, an error in the platform, can result in additional processing fees or even legal implications. 

Time spent rectifying technical issues may also increase website downtime, thereby impacting potential sales. Together, these can negatively affect the user experience and trust in the brand.

Trusted payment gateways make your customers ‘secure’ with you

If customers do not feel safe entering their payment details via your website, they are likely to seek and choose an alternative provider.

In contrast, adopting trusted payment gateways ensures that the final stage of the purchase is easy, which can avoid last-minute changes of mind, increase the customer’s basket size and encourage repeat purchases.

Once installed, the payment gateways do need to be kept updated and operating at optimal level. This maintenance may seem tedious and complicated but it is crucial for success.

Fortunately, choosing a quality website hosting platform can make this process much easier. For example, WP Engine works seamlessly with WooCommerce, one of the most powerful and flexible platforms to transform websites into online stores, to enable easy integration.

By selecting a managed WooCommerce hosting service, businesses can also outsource website management, ensuring site speed optimisation, automatic updates and free Secure Socket Layer (SSL) certificates are maintained as necessary. This means businesses get time back to focus on their product and service offerings.

Success is all about trust

Recognised and trusted payment processing gateways are highly beneficial in gaining consumer trust. When customers see a trusted brand logo such as Stripe, they instantly have peace of mind that any payment details they input will be handled securely.

Choosing a website hosting platform that integrates deeply with one or more trusted payment gateways can accelerate and simplify payment gateway set up.

For example, WP Engine’s new Stripe Connect integration includes Stripe in the WooCommerce store building and management process, so there’s no need to seek out or pay for add-ons — it’s preconfigured to just work.

This new offering also makes Stripe integrations more secure, as businesses can connect to an existing Stripe account without using API keys and credentials.

A good payment gateway needs strong website infrastructure to support it. A slow website that lacks a robust security infrastructure can increase the risk of website crashes and data leaks.

Long loading times may also deter customers from completing their purchase or result in payment processes timing out.

In the best case, this can impact brand reputation. In the worst case, this may lead to incorrect or duplicate payments, resulting in customer frustration.

Therefore, businesses should ensure they constantly optimise their website for speed and ensure they adhere to basic cyber hygiene principles, such as ensuring plug-ins are updated.

Consider managed web hosting

For businesses who want to make efficient use of time and resources, working with a managed web hosting platform or agency can greatly alleviate workloads and pressure.

For example, WP Engine leverages automated plug-in and WordPress updates to ensure vulnerabilities are repaired as soon as possible.

Reliable payment gateways are a key factor to increase business sales and overall success. Not only do they affect sales and conversions, they also impact consumer trust and brand reputation.

By choosing reliable payment gateways and working with a web hosting platform that enables easy integration and management, businesses can succeed online while having more time and resources to focus on what they do best.

www.wpengine.com.au

 

About the author    

Ricky Blacker is a senior sales engineer and WordPress ‘evangelist’ at WP Engine, a Brisbane-headquartered company that has developed into one of the world’s leading managed WordPress platforms and hosting services. WP Engine has been voted the number one WordPress platform globally in 2023.

ends

Cold hard realities of cyberattacks, ransomware

By Leon Gettler, Talking Business

THE METHODS for dealing with cyberattacks and ransomware have been around for a relatively long time, technologically.

But according to global network protection company Tenable, the problem remains that a lot of companies have not ‘got the basics down’.

Scott McKinnel, the Australia and New Zealand regional manager for Tenable, said a Tenable survey conducted by Forrester revealed that 92 percent of organisations said 70 percent of their business had been impacted by cybercriminal activity resulting in significant business loss. He also outlined how cyberattacks and ransomware had become increasingly profitable for cyber criminals.

Mr McKinnel said, a couple of years ago, the modus operandi of cyber criminals had been to target individuals.

“What it’s evolved to now is ransomware and clearly they’ve been able to monetize it and find a great financial venture for them,” Mr McKinnel told Talking Business.

“The way they do that is two-fold. One is to move away from targeting individuals and targeting organisations that have critical infrastructure … which clearly has a larger impact, not just financially, it brings things to a fall.”

Governments step up legislative support

Mr McKinnel said governments were now moving to legislating to protect vulnerable sectors.

There used to be four such sectors. Now there are 11 sectors centred around critical infrastructure. Among the critical 11 sectors are utilities, financials, water, electricity, food supply, hospitals and health care.

“That’s come about because of awareness of how reliant we are on multiple sectors and supply chains – the fundamental existence in our society,” he said.

 “If these organisations and services are to halt, it’s a major impact to society. That’s the new vector that cybercriminals are targeting.”

Mr McKinnel said businesses now needed a plan or process to deal with a cyberattack which could result in them ceasing operations, costing them millions of dollars every day.

“Most of these exploits these cyber criminals use have been out for ages and are easy to fix and remediate,” he said.

“The ability of organisations to put in controls and multi-factor authentication has been around for years so it’s not like these are super sophisticated attacks. People just get caught in the wild because they haven’t done the basic hygiene properly.”

Boards consider true risks of cyberattacks

Mr McKinnel said boards and tech people were clearly aware that cyber security was now a major risk.

“Where we see issues is between the technical practitioners who understand what needs to be done, and the very highest echelon of commercial people and directors that know something needs to be done – and often there’s this mish-mash in the middle of communication,” he said.

Mr McKinnel said this came down to organisations having plans that set out who was responsible for mitigating risk and triaging and allocating.

“There is this swirling mess right now because historically people have seen it as a technical issue … and their only task was doing what they can,” he said.

“What people could probably do is have a clear understanding of the lines of communication and setting up a framework, a governance policy, having an awareness throughout the organisation that this is a business risk now, not an IT issue or IT risk, and treating it as you would with occupational safety and health or other major elements of risk for a business.”

www.tenable.com

www.leongettler.com

 

Hear the complete interview and catch up with other topical business news on Leon Gettler’s Talking Business podcast, released every Friday at www.acast.com/talkingbusiness.

https://play.acast.com/s/talkingbusiness/talking-business-24-interview-with-scott-mckinnel-from-tenab

 

ends
