Nick Lennon is the ANZ Country Manager at Mimecast, having joined in 2007 as a Channel Sales manager. As a leader in management excellence, Nick has personally grown the local team from five members to over 100 since Mimecast’s introduction to the ANZ market. Nick maintains a passionate focus on achieving rapid local business growth, understanding evolving challenges across all verticals and ensuring customers get the best service driven by Mimecast’s strong culture.
Unfortunately, since we’ve all been working from home in Australia, we’ve seen far too many good organisations report a data breach, cyberattack or ransomware attack.
Many leaders of industry in logistics, mining and healthcare, along with state and federal government agencies, have had to pick up the phone and call the Office of the Australian Information Commissioner (OAIC) to report that their staff, customers or citizens have had their data exposed.
The result is that the people affected second-guess the impact of the breach on them, hoping they’re just innocent bystanders in a much bigger attack. Even so, they’re usually just left to fend for themselves. The individuals affected can only hope they haven't used that same password anywhere else or that the data exposed doesn't put them at risk.
Yet each of these organisations has spent millions on the best security solutions the market has to offer. Everything from best of breed SASE, Next-Gen Endpoint, Next-Gen Firewalls, Secure Web Gateways, Cloud Security, Vulnerability Detection, SIEM's, SOARs and Data Security to Network Detection.
So how did we end up in a situation where every day a trusted brand in Australia or New Zealand seems to be reporting a breach, despite having spent millions on protecting their data, their employees, their IP and their customers?
That’s where the issue of effectiveness comes in. With so many capabilities, controls and policies available, the one area cloud security providers need to focus on is informing and educating administrators about the dangers of improperly-configured security controls.
All too often, a major breach occurred because an overworked security team overlooked a control or missed an incorrectly-configured security setting. Think back to the CapitalOne attack. Think about all the major brands spending millions on cybersecurity each year and still suffering breaches.
This is where a cybersecurity rating, or S.A.F.E score, can help. A S.A.F.E score is an independent, objective and quantifiable measurement of the overall cybersecurity strength of an organisation. The score helps executives, IT Leaders and IT Administrators get a more accurate picture of the precise risks of their current setup.
It can also highlight key cybersecurity actions that need to be taken immediately. For example, is a policy enabled for all users or a pilot group? Does a high-risk user have access to data that could result in a large breach? Have the learnings from security training been understood and put into practice? As a board, do we know if our team has a good handle on the controls of the best-of-breed services we have signed up for?
These are the questions your S.A.F.E score can answer, and help you quickly plug the gaps in your cybersecurity setup. It can also be part of a cyber risk assessment which would determine your insurance premiums as well.
Having the latest cybersecurity tools is all well and good, but they won’t be much help if they aren’t configured properly. Your S.A.F.E score can help you make sure you’re getting the maximum cyber protection from the tools you already have in your organisation.