Cyber-attacks a growing concern for small business
Despite recent cyber-attacks, many senior executives have little understanding of cyber security.
According to Accenture research, global cyber intrusions in the first half of 2021 were 125 per cent higher than in the same period last year, with Australia recording the third-highest number of incidents, just behind the US and the UK.
Mark Sayer, cyber defence lead for Australia and Asia Pacific at Accenture, warns that although the increase in attacks seems alarming, they are only a fraction of what we can expect in the future.
Australia is already among the top 20 most digitised countries globally and is investing heavily to increase digitisation.
The Australian government recognises that cyber security is crucial to minimise the risks of digitisation and has pledged to invest over $1.6 billion in cyber security in the next decade.
In the meantime, the government has published a cyber security guide for small business: https://www.cyber.gov.au/acsc/small-and-medium-businesses/acsc-small-bus...
Despite the abundance of recent cyber-attacks, many executives at top Australian companies have little understanding of cyber security. There is the perception that cybercriminals are still a group of disorganised hackers and that this is merely a technical problem.
The odds of cyber-attacks are firmly stacked in the criminals’ favour. In any big company, a typical security manager needs to worry about thousands of security controls working all the time. The criminal only has to find one control that’s not working to be successful.
How can organisations fight back?
Accenture’s Sayer says that developing effective cyber security depends on obtaining reliable threat intelligence, so you understand the security risk before it hits you. You need to determine:
- Intent – How likely are you to be targeted by a threat group? Identify your most valuable digital assets. How attractive are they to a crime syndicate?
- Identity – Which threat actors will target your organisation? Threat groups specialise by industry and geography. Knowing your enemy is essential to form an effective defence.
- Modus operandi – How sophisticated are they? What techniques do they use? Do you need the cyber equivalent of window locks or a full-blown security set-up with motion sensors and CCTV?
Sayer advises that the purpose of ‘threat intelligence’ is to help people make more informed risk-based decisions. To do that, security teams need to provide:
- High-level abstracts on critical events and potential threats for senior executives. This is essential for the board and C-suite to truly understand cyber risk and get buy-in for security operations.
- Briefings on the latest web application attack techniques for digital developers.
- Details of the latest ‘in-the-wild’ threats (those attacking real world companies right now) for infrastructure operations teams.
"It is impossible to prevent every single possible criminal behaviour, but if you know your enemy – if you can see who’s coming and how they operate – you’ll have a fighting chance of stopping them," adds Sayer.
Date Published: 29 September 2021