Why Big Data Protection is a Team Sport

Your business is fighting the cybersecurity war, and increasingly sophisticated security threats like ransomware and attacks on Internet of Things (IoT) devices are tough opponents. Across the globe, backdoors in IoT systems provide hackers with millions of unprotected gateways into IT infrastructure, while cybercrime syndicates are structuring a value chain for ransomware tools.

Locally, almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. DDoS attacks and the Mirai botnet have recently proven how vulnerable the connected devices and online properties are to exploits. It’s not only breached businesses that are affected. Organisations with data held by those businesses are also compromised.

With this in mind, it’s easy to see how a team mentality is required when it comes to protecting data. The Australian government, security vendors and their customers are three key players.

The Turnbull Government has responded by announcing a plan to create a mandatory data breach notification scheme for business and government organisations, which is set to come into play as early as this year.

Under the new legislation, organisations that realise they have been breached or have lost data must immediately report the incident to the Privacy Commissioner and notify affected customers. Companies or agencies that fail to do so face penalties of up to $1.8 million. Individuals can be fined up to $360,000.

The Australian Government’s sharpened focus on data protection will put security and privacy breaches in the spotlight like never before. As Australia transitions to a digital economy, we’re seeing a huge amount of data gathered and stored. Gartner expects there will be 21 billion connected ‘things’ worldwide by 2020. While this level of connectivity offers plenty of benefits, it poses security risks to users and external organisations, and the cost of security breaches to local organisations is only going to increase.

Data protection and recovery requirements have moved beyond traditional security solutions. You need to drive threats out of your organisation at every opportunity.

The quicker your business detects anomalies in its infrastructure, the better. Attacks are often months or years old by the time they are discovered, as many security point solutions only store a few days or weeks’ worth of data. Findings from the FireEye M-Trends 2017 Report show that the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days. This is why having an analytics platform that can store and retrieve years’ worth of data is crucial to meeting the Turnbull Government’s proposed regulations.

To help Splunk customers better analyse and respond to security attacks, we’ve extended our Adaptive Response Initiative. This orchestrates a wide range of security capabilities, enabling point solutions to work better together. One example of this is through ForeScout. Unlike traditional, single-point approaches, ForeScout combines alert and threat information from multiple security technologies. With this collective insight, security teams can make better-informed decisions across the entire kill chain.

An adaptive, connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility. 

And as the Turnbull Government takes a step forward in the escalation of data protection, now is the time for your business to do the same. By leveraging the industry’s unified defence against attacks, you have the opportunity to strengthen security operations, and avoid striking out in the cybersecurity game.

Posted by Simon Eid

Managing Splunk’s business across Australia and New Zealand, Simon is tasked with owning the sales strategy, culture, leadership and people management of the sales operation. He has more than 25 years of experience in IT sales and business management. Prior to working at Splunk, Simon held sales and management positions at a variety of enterprise technology organisations, including Dell EMC and Symantec. Simon is based in Melbourne, Australia.
