Don’t let your security become a cyber risk

As the world becomes hyperconnected, the line is blurring for businesses between the physical security of assets and the cyber security of data, elevating the urgency for businesses to check the cybersecurity credentials of their third-party security partners. 

Cybersecurity has become a top priority for businesses everywhere in response to the explosion of cybercrime by growing ecosystems of illicit organisations dedicated to engineering new tactics to steal data and dollars.

“It’s not a new risk, but there’s no doubt the threat of cyberattack is significantly increasing,” says Indra Saseendran, general manager of digital operations and data security at Chubb Fire & Security Australia, a leading provider of security surveillance, monitoring and fire protection systems.

He says cyberattacks have more than doubled globally since the pandemic according to statistics from the International Monetary Fund, and they’re costing businesses more every year from a combination of stolen funds, fines for data breaches and reputational damage.

Australia is certainly not immune, with businesses making a cyber incident report to law enforcers on average every six minutes last year, according to the government’s Australian Signals Directorate 2022-23 Cyber Threat Report.

Each incident cost medium-sized businesses on average almost $100,000 last year, up 14 percent from the previous year. They also led to the private data of millions of Australians being leaked to the dark web after being stolen via malicious means including ransomware, hacking and malware.

Mr Saseendran says that as businesses entrust more of their processes to third-party vendors whose services are integrated into their technology environment, it’s vital to review all partners’ cybersecurity credentials, since every connection channel increases the ‘attack surface’ for malicious cyber actors.

“Outsourcing processes, such as your security and fire safety, provides great benefits, but you’re only as strong as your weakest link,” he says. “It’s vital to ensure all third parties are managing information security, data security and cyber security well, or your business may be exposed to operational, financial and reputational risk.”

He says the easiest way to have confidence that a prospective partner has appropriate security controls is to specify they must be compliant with a global standard such as the International Organization for Standardization’s ISO 27001, the leading information security management standard, which requires businesses to take a systematic, best practice approach to managing and protecting data.

“The criminals will keep evolving their tactics, so it’s vital that you are continually evolving your defences, and that includes the defences of all your connected business partners,” he says.

Recognising these risks, Mr Saseendran says Chubb Fire & Security Australia has invested heavily to meet the highest information and data security benchmarks both in Australia and globally, including ISO 27001.

“At Chubb, we take our commitment to protecting our customers’ data incredibly seriously,” he says, noting that Chubb, which has operated in Australia for almost 130 years, is providing an ever-growing suite of remote, connected services that’s changing how businesses manage their fire protection and security.

“Meeting ISO 27001 standards demonstrates Chubb Fire & Security Australia has a world-class level of security across threat monitoring, breach mitigation and sensitive data protection. It also means we are committed to continually improving our data security management, all of which means our customers can have confidence that their information assets will be in safe hands when partnering with us.”

Mr Saseendran adds that Chubb’s Monitoring Centres – from where it runs its alarm monitoring and response services – are the only such monitoring centres in Australia to be certified as a ‘Grade A1, Redundant Level R1A’ by the Australian Security Industry Association Limited, the highest industry rating.

“Achieving this certification means Chubb is leading the Australian security industry,” he says.

“It requires our monitoring centres to have heightened security across both cyber and physical aspects of the facilities, and is a testament to our robust infrastructure which puts the security of our customers first.”

Mohamed Bilal, director of digital technology at Chubb Fire & Security Australia, says Chubb also complies with Essential Eight – developed by the Australian Cyber Security Centre as a requirement for security contractors working with the Australian Government – and uses advanced technologies to detect and respond to cyber threats in real-time.

“As a leader, we meet multiple standards, and have a broad spectrum of information and data security controls which go above and beyond minimum requirements,” he says.

Tips for businesses to stay cybersafe

Mr Saseendran and Mr Mohamed shared their top tips to help businesses stay safe from cybercriminals.

  1. Pick an information security framework (such as ISO 27001) that suits your needs and stick to it.
  2. Do a risk assessment to map out the business’ critical assets and get a deep understanding of cyberattack surfaces.
  3. Have a response plan ready, with prioritised remediation actions. You are better off working on the assumption that your business may be a victim of a cyberattack and, so, be ready to act fast. Test your recovery measures regularly.
  4. Ensure any third-party suppliers, such as technology vendors or security monitoring providers, meet high information security standards such as ISO 27001. You are only as secure as your weakest link.
  5. Don’t ‘set and forget’. Cyber security is not a once-off exercise; it’s a continuous journey. Keep apps and devices up to date; and maintain and test the robustness of your systems regularly.
  6. Store your valuable data in a secure storage location and back it up regularly, in the event of loss.
  7. Use strong passwords, a password manager and two-factor authentication. Encourage and reinforce good cyber hygiene practices among all staff.