Cybersecurity is, and will continue to be, the hot topic this year, with global cybersecurity spending expected to reach $US124 billion, according to research company Gartner.
Recent cyber attacks against Toyota and LandMark White serve as a stark reminder of the pervasive threat of cyber criminals. The issue becomes dispiriting when you delve into the statistics of data breaches.
An IBM-Ponemon study last year, Cost of a Data Breach, concluded the average cost of a data breach was $US3.86 million and the likelihood of a recurring breach in the following two years was 27.9 per cent. A data breach of more than one million records will cost about $US40m, and a loss of more than 50 million records will cost a staggering $US350m.
Australian small and medium business owners have long had a delusion that they “fly under the radar” of cyber criminals because they deem themselves “too small to bother with”. Recent statistics from Verizon show this is no longer the case, with 43 per cent of data breaches involving small business victims. Unfortunately, more than 500,000 Australian small businesses fell victim to cyber crime in 2017, and research shows that more than 60 per cent of SMBs go bankrupt within six months of a data breach. It is no longer an option for Australian businesses, regardless of size, to do nothing and hope for the best.
So, what can be done? At the outset, every organisation should consider the data and assets they own and identify what is critical to their business operations and their consumers/customers. It is impossible to protect everything at all times, and there is a limit to the capital available for cybersecurity budgets. The identification of your critical data and assets, your “crown jewels”, will enable you to implement appropriate security.
Invest in cybersecurity awareness training for staff. Most data breaches occur because of human error, such as clicking on phishing emails or sending information to the wrong recipient. Promoting a risk-aware culture and ensuring your employees are capable of responding to cyber threats is a cost-effective method of reducing your risk.
The theft of credentials can compromise an organisation’s entire network. Multi-factor authentication requires the user to enter a password, then another form of credentials, such as a PIN sent as a text to your phone, a fingerprint scan or a universal second-factor security key. When multi-factor authentication is implemented, it is substantially harder for a cyber criminal to gain access to credentials and networks.
Last, and of equal importance, back up your data. Ransomware is a type of malware that blocks access to your data or systems until a financial payment is made. Many organisations choose to pay the ransom because they do not have their data backed up, and to retrieve it they must decide between making a payment with no guarantee their data will be returned and losing everything.
Australian companies need to make cybersecurity and data privacy a priority and demonstrate their commitment to the trust of their stakeholders, to remain competitive in the digital age.
As published in The Weekend Australian on June 15th 2019. https://www.theaustralian.com.au/business/careers/save-jewels-from-cyber-crims/news-story/97bc6ec6b3df03a027849d140e2c7bde