02 November 2018
Data security is a major concern for organisations of any size, type and industry. There are endless examples of small to major data breaches being reported in the media, often very little detail is made available regarding attack vectors, investigative work performed, findings etc. In the last two months a U.S agency called the Government Accountability Office (GAO) released a report into the Equifax breach which it compiled at the request of the US Congress. The Equifax data breach hit the news in 2017 as their executives took steps to advise the public that Equifax had been undergoing a cyberattack for an unspecified period of time and they were aware that sensitive data had been stolen.
The report is an easy to read document, worth reviewing and sharing with anyone in your organisation that is required to take part in discussions or decision making regarding information risk and governance, IT Security best practices etc. Click here to download a copy of the report.
Some of the key points in the report are –
One of most important lessons from this data breach report is that, security needs to be an all-inclusive, layered and integrated approach. We commonly treat smaller issues such as managing SSL certificate renewal as a low priority task (creating a security gap) whilst focusing on high end ad-hoc security solutions.
The Equifax data breach highlights the need to regularly conduct objective security architectural and configuration reviews. Ideally the reviews should be done in combination with periodic audits of your current security controls, processes and procedures to validate their effectiveness and measure overall security posture.
In previous versions of Newsflash we have highlighted our Microsoft 365 Audit offering (view the case study). The majority of the organisations we have worked with in this area are also looking to partially or fully embrace cloud delivery for their line of business applications.
Before this transition occurs it is worthwhile undertaking a review of your planned Microsoft Azure security architecture. This presents an ideal opportunity to potentially reduce the complexity or overlap of the specified technical controls whilst improving security effectiveness.
As the transition gets underway periodic configuration checks are also recommended to ensure security gaps are not inadvertently being introduced into the new environment.
To discuss how Kaon Security can assist your organisation in the areas of IT security audit services or security architecture reviews contact Mike Conboy or Steve Macmillan
VIC 03 9913 3248 | QLD 07 3194 3664 | NSW 02 9098 8206.
The Essentials Package is designed to assist organisations with under 250 people programmatically develop and improve security awareness at an affordable price.
Analyse Your Human Risks
- Risk Intelligence Survey
- 4 Prebuilt Phishing Campaigns
- Unlimited Phishing Simulation Tool
- Find-a-Phish Reporting
- USB Drop Campaigns
Plan a Year-Round Program
- Quarterly Awareness Program Plan
- Adaptive Planning Tool
Reinforce Regularly
- 4 Videos
Train Your Employees
- 2 Online Training Courses
- 2 Phishing Training
Deployment and Customisation
- Employee Learning Center
- Content Tracking and Reporting
Client Success and Support
- Online Support Center
- Email Support
Priced From $24 per user, per annum
During November Kaon Security will be present at 2 local government events - ALGIM November in Rotorua and IT2018 November in Coffs Harbour. If you are attending feel free to call by our stand for a chat.
Making Cloud Computing More Secure – The Shared Responsibility Model >