Now that 2018 is behind us, it’s worthwhile reflecting on what you can do to improve the security of your information systems and protect sensitive data.
This issue of cyber-security threats is no longer considered on the fringe of business operations, particularly if you’re running an SME or not-for-profit organisation. The reason is simple – the impact of a cyber security event can bring your entire operations to a standstill. In Australia, cyber-attacks are costing business and government more than AU$1 billion a year and rising (Gordon, 2018).
Furthermore, consider these sobering statistics (Clout, 2018):
- 59% of Australian businesses are interrupted by cyber-crime every month
- 55% of Australian SMEs expose themselves to cyber-crime through email and social media
- 48,000 cyber-attacks were reported in Australia in 2017 – 43% of which targeted SMEs
- 60% of SMEs hit with a significant cyber security event will go out of business within six months
This is a serious concern for any business that doesn’t have a plan in place to cope with cyber security threats. More importantly, simply implementing technologies such as spam filters, anti-virus/malware software and firewalls isn’t enough. Consider the fact that some large companies and government organisations have experienced significant cyber-security events despite investing large sums of money not only on technology, but have also put in place dedicated cyber-security experts who keep watch around the clock. A good example is the 2017 attack on the Australian Defence Force’s multi-billion dollar Joint Strike Fighter program and surveillance plan projects where 30 gigabytes of data were stolen including information on its warship and submarine fleet (Clout, 2018).
Cyber-criminals are becoming more sophisticated and can defeat just about any system and technology put in place. They are increasingly building their arsenal of attack vectors and continually search for weak points to access sensitive information. The weakest link is people. Cyber criminals know this so they use sophisticated methods including social engineering and advanced persistent threats (APT) to get to the information they’re after. Fortunately, there is something you can do – educate your people. This is important for one main reason – according to Dark Reading’s Strategic Security Survey almost a third of cyber-security events are caused by insiders – your trusted employees. In addition, the report found that 44 percent of organisations say authorised users and employees pose the greatest threat to data security and 61 percent of organisations believe negligent users will be the primary cause of a data breach in the next 12 months (Vijayan, 2018).
Cyber-security education and awareness is designed to keep people on their toes with security top of mind – all day every day. In essence, people are the last line of defence and the more educated they are on the variety of threats out there and how to spot malicious attacks, the lower the risk to the organisation. There are many cyber-security education platforms in the market. The best provide simulated email phishing and other social engineering attacks to determine what level your employees are at in terms of cyber-security awareness. These platforms conduct a risk assessment of an organisation then tailor an education and awareness program. Engage Consulting Group has partnered with a global provider of cyber-security education and awareness programs. For more information, visit our website.
Clout, J 2018, ‘More needs to be done by SMEs on cyber security: Angus Taylor’, Australian Financial Review, accessed 18 December 2018, <https://www.afr.com/technology/technology-companies/more needs-to-be-done-by-smes-on-cyber-security--angus-taylor-20180809-h13qh3>
Gordon, A 2018, ‘GSISS 2018: Cyber security spotlight on small business’, PWC Digital Pulse, accessed 18 December 2019, <https://www.digitalpulse.pwc.com.au/gsiss-2018-cyber-security-small-medium-enterprise/>
Vijayan, J 2018, DarkReading, ‘Data Breaches: Vulnerability Rising’, DarkReading.