Understand – your posture

The pressure on leaders at this time is extraordinary. As incident responders and leaders, we are engaged across many industries and understand that decision-making needs to be well informed, but methodical. We have outlined below priority information requirements against each response option. 

Questions that need to be asked and answered

What are your new risks?

The way you work has changed, where your users are located has changed, and your risks have changed.

Where is your data now?

You had to get users working and you didn’t have enough laptops, so the business made a decision to let remote users use their own. Your corporate data is now on unmanaged, unsecured endpoints, and you need to get it under control.

Actions

By following these actions you will better understand your posture and be on track to a more secure business.

Where and how your people work has changed, so make sure your policies and procedures are up to date.

  • Review and update work-from-home and data handling policies
  • Make sure users are aware of any policies around the handling of data, remote access and privacy etc.

Understand how your people are now using your company information. Equally, where are they storing it: on your device or theirs?

  • Take the time to understand how people are now working with company data and what the data is. If you don’t have a data classification standard or data labelling enabled, now’s the time to start.
  • Look at ways to provide secure containers or repositories for sensitive data, e.g. Microsoft Intune, VDI etc.

Review relevant business compliance requirements and address any announced changes for reporting

  • Assess your compliance requirements against your new working environment. Look for non-compliance against the Data Privacy Act, ISO27001 etc.
  • Work with your Compliance and Risk teams to better understand what standards you need to comply with. Get on the front foot.

SIEM remediation tasks – you have a SIEM, and that’s great; it’s now time to make sure it’s relevant

  • Ingest new log sources, particularly those that are more critical than ever, e.g. remote access, remote endpoint and new SaaS services
  • Update Playbooks and threat intelligence feeds. Bad actors will take advantage of change.
  • Build new Use-Cases that make sense; improbable access events and user behaviour are a great place to start
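
One way to build the "improbable access events" use case over remote access and SaaS logins, as an added example that is not part of the original page. The log layout, the speed and distance thresholds, and the sample events are constructed assumptions, and GeoIP enrichment is assumed to have happened upstream.

```python
import math
from datetime import datetime

# Constructed sample events: logins already enriched with GeoIP coordinates.
# Field layout (timestamp,user,source,lat,lon) is an assumption, not a product format.
SAMPLE_LOG = """\
2020-04-06T08:02:11Z,asmith,vpn,-33.8688,151.2093
2020-04-06T08:40:35Z,bjones,vpn,-37.8136,144.9631
2020-04-06T09:15:02Z,asmith,vpn,-33.8200,151.0000
2020-04-06T10:05:47Z,asmith,saas,51.5074,-0.1278
2020-04-06T17:30:00Z,bjones,vpn,-27.4698,153.0251
"""

MAX_KMH = 900.0   # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100.0    # assumed floor: ignore GeoIP jitter within one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def parse(log_text):
    for line in log_text.strip().splitlines():
        ts, user, source, lat, lon = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        yield when, user, source, float(lat), float(lon)

def improbable_access(log_text, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return alerts where consecutive logins by one user imply impossible travel."""
    last_seen, alerts = {}, []
    for when, user, source, lat, lon in sorted(parse(log_text)):
        prev = last_seen.get(user)
        last_seen[user] = (when, lat, lon)
        if prev is None:
            continue
        km = haversine_km(prev[1], prev[2], lat, lon)
        hours = (when - prev[0]).total_seconds() / 3600
        # Simultaneous logins far apart have zero elapsed time: treat as infinite speed.
        kmh = km / hours if hours > 0 else math.inf
        if km >= min_km and kmh > max_kmh:
            alerts.append({"user": user, "source": source, "km": round(km), "at": when})
    return alerts

if __name__ == "__main__":
    for alert in improbable_access(SAMPLE_LOG):
        print(alert)
```

Corporate VPN exit nodes and mobile carrier gateways geolocate far from the user, so the thresholds need tuning against known egress points before this feeds a playbook.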

Next steps

We protect Australia's leading brands and businesses against cyber threats.

Cyber security is in our DNA