e Top 7 investment areas and actions to cyber secure your business in 2022 and beyond - Australian Cyber Week - Equate Technologies

Top 7 investment areas and actions to cyber secure your business in 2022 and beyond – Australian Cyber Week

Oct/28/2021

James TuckerIt’s Australian Cyber Week, so we thought it timely to ask our resident Cyber Guru, @JamesTucker to share his views on the kind of preventative measures businesses should be investing in to ensure performance, productivity and protection for their business operations.

In a year where we’ve seen cyber-attacks and vulnerabilities at levels of complexity and frequency like never before, it’s time to act.

Here are our recommendations for 7 key areas to understand and address in securing your business in 2022 and beyond.

Critical Review Area to Understand

Recommended Activity

The Threat Landscape and associated security controls.
  • Identify and prioritise the most likely and highest impact threats to your business and/or vertical.
  • Focus manpower and money on implementing detection and controls to mitigate those threats.


The security maturity of talent across your business (including C-Suite).
  • Provide organisation-wide training on how to identify and deal with cyber threats; particularly phishing and physical security.
  •  Train every member of the incident response team.
  • Run table top / scenario-based exercises so that everyone understands their role at every phase of the incident lifecycle.


Organisational assets (technology, software, infrastructure).
  • Be aware of and actively manage:
  • Infrastructure and software assets owned or consumed by your entity.
  • Vulnerabilities on those assets.
  •  Remediation of vulnerabilities.
  • Processes to support recovery from asset failure or compromise.


Asset activity and validation of controls.
  • Create audit logs for all change and access activity.
  • Ensure Endpoint protection and response for all servers/workstations.
  • Undertake network traffic analysis and protection, particularly at network boundaries.
  •  Manage phishing; it’s a major vector for initial access.
  • Ensure alerts and anomalies are responded to and understood by your team.


The entities interacting with your assets.
  • Restrict user accounts to the least privilege on each asset or service, using a centralised AAA system to provide a simple, single point of control and reduce error.
  • Use multi-factor authentication wherever possible, both internally and with partners.
  • Ensure privileged accounts are separated and only used for administrative activities (and vice-versa) to limit damage caused by a compromised account.


Partners, Suppliers and Service Providers.
  • Complete security-focused due diligence on every partner, supplier and service provider.
  • Be aware of their vulnerabilities and compromises.
  • Create a plan in case of a critical third-party compromise.


Your response plan for cybersecurity incidents.
  • Create, test and manage a response plan for cyber security incidents.
  • Ensure you have appropriate skills in-house, or a partner with an external provider, like Equate Technologies / Nexon, to ensure scalable protection.
  • Stay focused on optimising resources to ensure the 6 phases of security incident response are managed within your risk appetite and profile:
    • Preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned

Related Posts

...

05.11.2022

To NIST or not to NIST? Which Cybersecurity Framework is right for your organisation?

Essential Eight or NIST? how do organisations know which framework to follow, what action to take and how to evaluate their effectiveness?

...

04.28.2022

Infinitely flexible EDR automation Webinar with Equate Technologies and Tines

Come and hear us share our insights about how we make endpoint protection amazing with innovation from Tines.

...

04.01.2022

Cyber Security defence and its continued relevance in 2022.

A recently released report from Mandiant, detailing the timeline of the most recent Okta breach has been “leaked” to the public and the timeline appears to be quite shocking

© 2020 Equate Technologies