Australian businesses must realise that they need to adapt faster than ever, now that cybersecurity is ranked on par with other national security concerns, says RSM Australia.
The country's new data breach notification laws now indicate there is a compelling message for businesses, which must now ensure their business systems and client data are secure from the risk of cyber attacks.
“With the Australian Crime Commission estimating annual direct cost of cyber crime to Australia being in excess of $1 billion, businesses need to adapt and put systems in place to cope with the new normal of cyber crime,” comments Michael Shatter, partner, Risk Advisory at RSM Australia.
He says that organisations should not be focusing on new risks, but should instead be ready for similar and more complex attack that leverage existing vulnerabilities.
He believes that people are still an organisation's weakest link, and they are not being fully educated about security risks.
“Cyber security is like a house: there are many areas that need to be secured. Simply purchasing a security product doesn't make a business safe. The underlying business environment needs to be secure. Poor foundations lead to poor security,” he says.
“Increasing digitisation means cyber security cannot be considered an isolated risk or something to relegate to the IT department. It must be considered a business risk. The board must be aware of and actively pursuing ways to mitigate cyber risks. These threats won't be solved as a one-off project. Instead, businesses need to manage cyber risks as a part of daily business operations,” he continues.
RSM Australia has three tips for organisations wanting to fight cyber crime this year.
- Make cyber security assessment a continuous process. Every network change, such as adding a router, replacing a server or implementing new software, creates new vulnerabilities for cyber criminals to exploit. Organisations therefore need to assess the network to identify weaknesses and develop incident response plans, then repeat the process regularly.
- Take control. Preventive controls help reduce the instances of security incidents from occurring and better deter unauthorised access. Detective controls help to monitor and alert the organisation to malicious and unauthorised activity. Corrective controls limit the scope of an incident and mitigate unauthorised activity.
- Build security awareness into your organisational culture. Many employees become unknowing contributors when they innocently click on a link in an email message that activates a malware attack. Often the email may look like it was sent by a colleague or associate. Last year, a ransom virus shut down the Royal Melbourne Hospital's pathology department. Cyber criminals may target officials in human resources, purchasing and other departments who may be less aware of risks they face from intrusions.