Two to three years ago, most organisations that asked us to audit their cyber security systems were either looking to ensure the risk to their business was being effectively mitigated or were being asked by their customers to attain information security certification as a requirement for future contracts. Increasingly, a third category is now emerging – businesses that have been hacked and suffered data loss through malware or ransomware attacks, and want to prevent future attacks.
And these threats are growing – particularly in critical sectors. A recent research report showed industrial control system based successful attacks increased by 44 percent, while breaches in the critical manufacturing sector rose by nearly 150 percent in the first half of 2020.
One of the key findings is that four of the most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options due to the COVID-19 pandemic challenging the ability of organisations to conduct rigorous patch management.
Multinational cyber security advisory groups recommend that organisations apply available patches for known vulnerabilities and implement a centralised patch management system.
ISO 27001 for Information Security Management Systems, the internationally recognised standard for information security, provides a holistic, risk-based approach to identifying the range of attack vectors and risks that apply to an organisation, the range of controls that can be used to mitigate the risk, and their effectiveness. This enables targeted action to address vulnerabilities and gaps to reduce risk.
ISO 27001 is now one of the fastest growing international standards, and the number of certified organisations in Australia has more than doubled in less than two years, with many more organisations in the process of working towards certification the standard.
As your business becomes more and more ‘digitally enabled’, why not contact us for a chat or a free quote to discuss how certification to an internationally recognised standard in information security could help you reduce risk and help win future business. Our experienced team have helped organisations of all sizes and types across Australia and internationally to reduce their cyber-security risks.