Cybersecurity and the Requirement of a Resilient Environment in Australia

Summary

  • Since the Cambridge Analytica scandal, people became more aware of the value of cybersecurity.
  • More jobs being created in the cybersecurity industry after more cyber attacks had been happening.
  • There are various possible ways of maintaining a good cybersecurity practice.
  • Most small and middle-sized companies in Australia (SMEs) have seen improvement in their cybersecurity resilience.

With a constant technology upgrade, the need for cybersecurity has significantly increased in the last few years.

The importance of the cybersecurity sector got more attention after the infamous Cambridge Analytica affair. The scandal took place in 2018, resulting in the largest data breach of Facebook history. Millions of the social media’s users were used for collecting information about the American voters and their Facebook friends, which were consumed for a Donald Trump presidential campaign.

Ever since then, people were more cautious about what to share on social media and the significance of protecting their data as much as possible.

Cyber resilience

By definition, cyber resilience was designed to prevent, respond, and learn from cyber attacks. In the last five years, many companies put an accent on e-commerce sales because of its efficiency and saving money (not paying for offices and additional staff), which led to a gold mine for criminals and hackers. That way, enterprises became more vulnerable to breaches and needed to step up in creating a safe digital environment.

Businesses started producing more jobs in cybersecurity so they could protect their clients and the reputation of the firm. As of 2018, Australia was short of 2,300 cybersecurity employees in this sector, and it would be no surprise if this career is heavily pursued in the JobTrainer program, recently introduced by the Morrison Government.

Maintaining a good cybersecurity practice

Preventing cyber attacks is a lot more important than defending from one, when it is already too late. For that reason, businesses invest a lot of money in the attack’s prevention, as well as making sure that the Board is engaged in reviewing the company’s security measures as appropriate.

Not every firm is at the same risk from criminal attacks. Board experts need to calculate the potential risks and invest in more security in case of a high threat. They need to think of all possible scenarios and make developments in order to prevent the breach.

Being educated about the cyber language, business, and potential risks that face firms are some of the qualities that every Board of cybersecurity professional needs to have. By having them all, there is a lower chance of getting attacked in the first place, and a higher chance of having a good response strategy when the breach happens.

All business factors need to be interpreted as a whole, rather than being reviewed separately. This approach secures a good assurance for the clients, as well as for good business maintenance. Some companies even hire third-party partners in order to deliver the very best service for the customers.

Collaboration and sharing information with other parties (such as financial, security or law institutions) is crucial when taking care of cybersecurity. Companies can identify motives for the attacks if they have successful collaboration agreements.

Last but not least, the cybersecurity professionals need to be properly trained and introduced to every possible way that a hacker can use to steal their data. It is highly recommended to test the staff by sending them emails containing malware and wait for their reactions and response.

Resilient environment in Australia

Since the 2017 cyber resilience research in Australia, businesses improved their management by an average of 15%, the new study finds. They put more efforts and made investments in risk management and reaction to threats. As of December 2019, 80% of the companies felt like their cybersecurity strategies were managed in a better way (20% improvement since the last study in 2017).

Examinees approached their cybersecurity resilience by setting targets throughout several cycles. Most companies found it hard to reach cycle 1 targets but being too ambitious and frequently changing the risk environment could explain the result.

To examine the resilience, the research set five functions (identify, protect, detect, respond and recover) to check how resilient the examined small and middle-sized firms are (SMEs).

80% of SMEs found that their risk assessment had either stayed on the same level or got slightly better than before. There has been some improvement since the cycle 1, but the firms believe there is more chance for improvement in this particular area.

After analysing prevention against the attacks, it has been concluded that employees have been more aware of risks and better trained for breach protection (by 77%). Nevertheless, workers could still make their skills better.

If the breach is not detected on time, it is highly possible that the situation will be worse, and more damages will be done within the business. There has been a significant change for the better in the detection function (by 25%), but there need to be more checks for anomalies.

Responding and recovering functions have been improved from 25% to 31.5%. The two functions were the ones that firms were most concerned about, so the results were seen as optimistic for the businesses.

In summary, around 80% of SMEs have seen better work in cybersecurity resilience, but they are still expecting their workers to keep sharpening their resilient skills.

Safety first

If it comes to any form of a cyber attack, the most important thing is to report the situation to the Board. The employees need to advise them of attempts and their safeguards could be improved to minimise the damage of the criminal breach.

Now that more people are working from home, their personal data is put at a huge risk, as most of them are working from personal computers or laptops. Every future attempt for breaking in the company’s systems through personal computers will be a lot easier to do because personnel’s devices are not as resilient to breaches.

Cybersecurity is an ongoing problem that needs constant maintenance and reviews. In the end, it is important to look at the positives and realise that the cyber issue will create a lot of jobs, which will be a happy consequence of the constant risk of penetrating financial systems.

Comment


Disclaimer