Incident Response: How to Build Cyber Resilience in 2019

By Joseph Failla, Accenture’s Security Lead for Australia and New Zealand.


Despite growing efforts in information security capabilities, many Australian businesses continue to fall victim to cyber attacks, which are increasing in frequency and sophistication.

Recent breaches both globally and locally demonstrate widespread vulnerabilities, a point reinforced by findings from Accenture, which show that while Australian organisations prevent 80 percent of all targeted attacks, there are still two to three reported security breaches every month. 

Responding to the threat of cyber attacks, Australian organisations are starting to invest in innovative technologies like artificial intelligence (AI), machine learning and automation. Investment in these technologies forms a huge component of organisations’ cybersecurity strategy, with Accenture’s research finding that 90 percent of Australian organisations expect investment in cybersecurity to increase in the next three years. Despite major plans for investment, only 30 percent of organisations expect that increase to address the growing threats.

To truly combat cyber security issues, Australian organisations need to stop perceiving security as an ‘option’ and instead view it as a critical part of organisational risk management, in the same way we view occupational health and safety, insurance and legal compliance.

Throughout 2018, we have seen that even the most mature security program may be unprepared to respond effectively to a truly sophisticated cyber attack. 

With further cyber attacks inevitable, how can Australian organisations respond decisively, effectively and with confidence to cyber attacks in 2019?

The shift towards cyber resilience in 2019 and beyond

A concerning and increasingly common trend is the length of time for which cyber criminals gain and retain access to victims’ networks while remaining completely undetected.

Even with all the modern cyber security tools and controls that most businesses employ, sophisticated attackers can consistently bypass these controls and remain hidden from view while they access and exfiltrate corporate assets. 

In response to escalating cyber security threats, businesses are shifting their focus towards a more holistic cyber security strategy that looks at controls to prevent as well as detect, contain and eradicate cyber security threats. 

This new approach is known as cyber resilience. It means that organisations are now accepting the fact that it is likely they will fall victim to a cyber attack at some point in the future. They are preparing to minimise the impact to their business and their customers by reducing the time it takes to detect and expel cyber attackers. 

Accenture believes there are four key areas Australian businesses should focus on in 2019 to increase their resilience to cyber security threats:

1. Understand the threat 

Knowing who your adversary is and what their capability is helps you focus all your other security controls on the threats that matter to your business. 

Analysing available threat intelligence and monitoring the threat landscape gives valuable insights into what types of attacks are taking place and who they are targeting. 

This visibility can help organisations tune their controls and be better prepared to detect and contain attacks.

2. Be the threat 

Following best practices and standards is no longer enough. Resilient businesses need to continually stress test their controls to find their weak points and make sure their teams remain vigilant. 

There are various forms of stress testing for security controls, ranging from tabletop scenario exercises through to more advanced adversarial simulations designed to simulate a sophisticated attack.

Stress testing helps to uncover weaknesses in controls and processes that can be further strengthened to increase resilience.

3. Identify the threat 

In the event you have a failure in your preventative controls, your ability to detect a threat is key to minimising the impact. 

Ensuring you have the right detection capabilities, which remain focused on your threats and are up to date with their latest tactics, will help reduce the chances of a major data breach.

Key to maximising the effectiveness of your detection controls is a deep understanding of the tools, techniques and processes being used by current threats. Simply monitoring default SIEM rules is no longer effective. 

Many of the current attacks make use of standard operating system utilities and authorised user access, making them very difficult to distinguish from normal user activities.

4. Expel the threat

Finally, once you have detected a threat, your ability to contain and eradicate that threat, closing any vulnerabilities they may have used to gain access along the way, is key to reducing the overall impact from the cyber breach. 

More sophisticated businesses today set up relationships with peers, government agencies and reputable vendors, so that in the event of a major cyber attack, they have a cavalry at hand to call with the expertise and scale to deal with a major and complex threat scenario.

Recognising the need to help Australian businesses deal with these new cyber threats, Australia and New Zealand recently announced a joint commitment to enhance cyber resilience in the Pacific region. 

The announcement introduced a $9 million expansion to Australia's Cyber Cooperation Program (CCP) over four years, aiming to strengthen cyber crime prevention and enhance cyber incident response capabilities with regional partners. 

Security threats evolve constantly. What kept you safe in 2018 won’t be sufficient tomorrow. More than ever, it will be important for Australian organisations to shift their thinking towards improving cyber resilience by knowing, being, detecting and eradicating cyber-security threats. 

Australian organisations who do so will be able to minimise both the likelihood and impact of cyber attacks – protecting both their businesses and their customers – through 2019 and beyond. 

