Online security imperatives for Australian businesses
Web-based technologies have become an integral part of today’s society. According to the ACMA 92% of the Australian population are active internet consumers. We are a culture who embraces convenience, so it’s no surprise that we connect our lives to our web based devices. Whether we are adding items to our ecommerce cart, or filing business documents in the cloud, web based applications have become a very real part of our lives. What is surprising is how at risk our privacy can be, and how little most of us are aware. The recent story aired by Four Corners on Australia’s risk of hacking has brought these very real issues to light.
Whist there are a multitude of vulnerabilities that can leave us exposed, the Open Web Application Security Project (OWASP) suggests that there are 10 key vulnerabilities that can often lead to hacking. These include Code Injection, Broken Authentication and Session Management, Cross-Site Scripting, Insecure Direct Object References, Security Misconfigurations, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Use of Components with Known Vulnerabilities, and Unvalidated Redirects and Forwards.
What does all of this mean? For the average user, it means that there is a lot of room to be taken advantage of. However, one of CIBIS’s primary principles is to provide highly secure business systems, hosting and software to all of our customers, particularly those who are engaging with the web. How do we do this?
Firstly, it’s certainly not by chance, but more importantly, if you factor in the cost of a security breach (reputation, remediation, loss of sales, productivity, data loss, privacy and much more), it’s now almost impossible to justify taking short cuts or using cheap, untested solutions from untrusted providers. The downside risks are just too high.
As a long term trusted provider to government, large and small private sector clients, we’ve developed policies, procedures and processes with the sole aim of minimizing security risks to any data we store, manage or maintain. What’s more, our clients benefit from both our awareness and the priority we give to developing secure, smart systems.
Now ask yourself. What is it you really want? To deal with an amateur who can develop pretty websites, but lacks the depth to deliver a robust and secure solution, or deal with a provider who delivers the whole package, and has the depth of experience to guarantee a successful solution?