With Prime Minister Malcolm Turnbull raising cyber security to the level of national security, it’s essential for Australian businesses to understand that the risk isn’t going away and they need to adapt more quickly, according to RSM Australia. Combined with the recent announcement regarding the introduction of data breach notification laws, there are now compelling reasons for organisations to ensure their business systems and client data are secure from the risk of cyber attacks.
Michael Shatter, partner, Risk Advisory, RSM Australia, said, “This year the same old predictions appeared in the news, from ransomware to IoT and cloud security. The issues won’t go away in the next few years. With the Australian Crime Commission estimating annual direct cost of cyber crime to Australia being in excess of $1 billion, businesses need to adapt and put systems in place to cope with the new normal of cyber crime.” Shatter explained, “Of course it would be wonderful to be able to talk to our clients about exciting and new risks that they need to manage, however the reality is that organisations will be impacted by similar and more complex cyber attacks which leverage off many existing vulnerabilities.”
“Unfortunately, humans are still the weakest link and many businesses are still failing to educate their staff about cyber security risks. Taking the friendly nature of humans into consideration, it is much easier for an attacker to ask someone to open the door than to try and break it down themselves.
“Cyber security is like a house: there are many areas that need to be secured. Simply purchasing a security product doesn’t make a business safe. The underlying business environment needs to be secure. Poor foundations lead to poor security.
“Increasing digitisation means cyber security cannot be considered an isolated risk or something to relegate to the IT department. It must be considered a business risk. The board must be aware of and actively pursuing ways to mitigate cyber risks. These threats won’t be solved as a one-off project. Instead, businesses need to manage cyber risks as a part of daily business operations.”
RSM Australia has identified three important things businesses need to do to protect themselves from cyber crime in 2017:
1) Make cyber security assessment a continuous process. Every network change, such as adding a router, replacing a server or implementing new software, creates new vulnerabilities for cyber criminals to exploit. Organisations therefore need to assess the network to identify weaknesses and develop incident response plans, then repeat the process regularly.
2) Take control. Preventive controls help reduce the number of security incidents and better deter unauthorised access. Detective controls help to monitor and alert the organisation to malicious and unauthorised activity. Corrective controls limit the scope of an incident and mitigate unauthorised activity.
3) Build security awareness into your organisational culture. Many employees become unknowing contributors when they innocently click on a link in an email message that activates a malware attack. Often the email may look like it was sent by a colleague or associate. Last year, a ransom virus shut down the Royal Melbourne Hospital’s pathology department. Cyber criminals may target officials in human resources, purchasing and other departments who may be less aware of risks they face from intrusions.
Michael Shatter said, “Businesses seem to be falling victim to the same exploits and attacks time and time again. Cyber criminals are sophisticated and sneaky so it’s time for businesses to get a step ahead, putting strategic security measures in place that force attackers to try a different victim. Otherwise it’s only a matter of time before the business loses money and faces reputation damage due to a successful cyber attack.”