Insights Gained: Cybersecurity Roundtable Highlights

At a recent cybersecurity roundtable hosted by NSP, IT and security professionals from various organisations came together to discuss the evolving threat landscape and how to better protect their businesses.

In light of the increasing frequency of cyberattacks targeting major organisations in New Zealand and the resulting data breaches and ransomware incidents, cybersecurity has gained paramount significance in today’s dynamic business landscape.

One topic that came up was the growing scale and sophistication of cyber attacks. Hackers are leveraging artificial intelligence to automate social engineering at massive scale. Ransomware gangs are operating like businesses with supply chains and outsourcing models. This poses major challenges for organisations of any size.

When it comes to prevention, social engineering remains a leading cause of data breaches. The group discussed the importance of regular security awareness training that goes beyond just an annual phishing simulation. Training needs to help employees understand why certain behaviors put the business at risk so they are empowered to make better decisions.

From a technical perspective, many organisations rely on security tools not ensuring they are properly configured and monitored. Outsourcing security operations to a managed detection and response provider was cited as a way to gain critical expertise and visibility lacking with limited in-house resources.

The financial and reputational impacts of a cyber attack were also examined. Leadership needs to understand a breach could cost millions in lost business, fines, and recovery costs. This helps secure budget for proactive security improvements rather than just reacting to incidents.

Key action items any organisation should look at developing are an incident response plan, improving security awareness, assessing tool effectiveness, and considering outsourcing security operations for a more strategic approach.

Cybersecurity is not a one-size-fits-all solution. It varies not only based on industry and company size but also on the unique products, solutions, business processes, and infrastructure of each organisation. By comprehensively addressing the challenges related to people, processes, and technology, businesses can enhance their data asset protection and minimise the potential disruptions and financial ramifications of a costly cyber attack.

In addition to the above insights, key highlights from our Christchurch round table included escalating risks associated with remote work, cloud adoption, and sophisticated cyberattacks like phishing and ransomware. Emphasis was placed on the implementation of basic security controls, including multi-factor authentication, logging and monitoring, patching, and immutable backups, with a focus on ongoing management and review to adapt to evolving threats. The importance of fostering cybersecurity awareness across organizations through training programs and gaining senior leadership buy-in for a security-focused culture was highlighted. Acknowledging that most companies maintain some form of risk assessment, the discussions emphasized the need for a clearer security roadmap and response plan aligned with key risks and controls. Cyber insurance considerations were explored, with an emphasis on the criticality of robust security controls and incident response capabilities. Finally, the significance of organisation-wide visibility, achieved through in-house resources or trusted partners actively monitoring company logs, was stressed, citing a recent DHB attack as a cautionary example.

These insights collectively reinforce the understanding that cybersecurity is a dynamic and multifaceted challenge, requiring a comprehensive approach addressing people, processes, and technology to safeguard against potential disruptions and financial ramifications of cyber threats.