Cyberattacks continue to pose a significant threat to the data security of Australian companies, with an average of one cybercrime occurring every 6 minutes (Department of Home Affairs, 2023). This escalating threat is generating concern amongst business leaders; however, many remain reluctant to take action and improve their cyber security. And this is having a widespread impact, as a quarter of respondents to a recent survey admitted that their important business data was not even backed up. (Australian Cybersecurity Magazine, 2023)
Business Leaders Facing a Suite of Barriers to Cyber Resilience
Rather than actively avoiding cyber resilience duties, business leaders are blocked by lack of understanding, internal disagreements, and the scale of work required to make change. And these barriers are affecting businesses of all sizes. Prior to the high-profile data breach in 2022, Medibank was warned about weak passwords and a lack of multi-factor authentication, but very little was done to rectify the situation—and this had disastrous consequences (Robertson, 2024).
In fact, the complex approval processes of larger organisations can cause significant delays to system upgrades. Chief Information Security Officer at Westpac Group, Richard Johnson, explained that cybersecurity practices are often stymied in the boardroom—a result of the digital literacy of ageing members. “A lot of investment in really complex technology … can be undone by a person who’s not aware of the kind of threats they face,” he stated (Davidson, 2023).
For smaller businesses, the dominant barrier is the time and resources required to upgrade their cyber security. These businesses lack the technological resources or available budget to implement the recommended cyber resilience measures. And, if they do have access to the resources, they will often be too understaffed and time-poor to action the changes themselves (Mizen, 2023).
However, there are still some measures businesses can make without encountering these barriers—such as internal training where employees are taught how to be the first line of defence against data hacking. This is an essential first step, as statistics show that the majority of cyber-attacks are enabled by a user simply clicking a phishing link. Without a cyber security-savvy team, sophisticated digital systems are just a wasted investment. (Knowles, 2024)
Future Government Support a Distant Possibility
Ahead of its 2023-2030 Australian Cyber Security Strategy, the Albanese Labor Government announced a plan to support data safety and resilience for Australian businesses. The Small Business Cyber Resilience Service plans to invest $8.1 million across three years to deliver free, tailored cybersecurity services to small businesses during and after cyber-attacks.
When deployed, the plan will provide a resource to help businesses develop and implement targeted plans to improve their cybersecurity (The Hon Julie Collins MP, 2024). However, until this service is active, businesses are still required to take matters into their own hands.
Where to Begin When Building Cyber Resilience
There is a cybersecurity protocol called the Essential Eight Maturity Model, which features eight critical mitigation strategies that businesses can deploy to improve their security posture. This model outlines the minimum security measures a business can take to boost its data security to a basic level (ACSC, 2023). The strategies are designed to be easy to initiate and deploy, enabling an immediate boost in overall organisational security.
The main strategies for improving data security:
- Patching applications and operating systems: This ensures that the latest security patches are installed, fixing any known vulnerabilities.
- Multi-factor authentication for all logins: Ensuring users are actively involved each time their applications are logged into, and they manage whether someone can access their account or not.
- Restricting administration privileges: This sets the level of access to specific programs, systems, and data.
- Application control and hardening: Setting application controls restricts the execution of unapproved software and scripts, minimising the chance of malicious software being installed. Hardening locks down specific features and ensures the latest security patches are installed.
- Restricting macros: Microsoft Office can deploy user-scripted macros to automate processes and boost productivity. But cybercriminals can also create macros featuring lines of code embedded that spread malicious software. Restricting the use of Microsoft Office macros reduces the chance of this occurring.
- Regular back-ups: Regular data back-up ensures that should any threats occur, the latest data will still be available.
While these strategies are essential, the cost of deploying them can be a major barrier. Some of the options don’t cost anything to implement, but then the business must have access to someone with the knowledge to do it themselves. Another potential solution is undertaking various measures at once, achieving a more efficient, and therefore more cost-effective, experience (iTnews, 2024).
Escalating Cyber Threats Demand Urgent Action
While deploying cyber resilience strategies may be a challenge, backing up and protecting your data is a critical step in mitigating the impacts of security threats. These cyber security measures also provide peace of mind, as you will know that your business and customer data is significantly less vulnerable.
CV Check provides compliance solutions that keep your data more secure. And with our ISO27001 accreditation, your sensitive information is protected by verified digital security measures. Get in touch with our team to find out more.
References:
Australian Cybersecurity Magazine. (2023, July 13). 75% of Australian Companies Overwhelmed by Data Security. https://australiancybersecuritymagazine.com.au/75-of-australian-companies-overwhelmed-by-data-security/
Australian Cyber Security Centre (ACSC). (2023, November 27). Essential Eight Maturity Model. Australian Signals Directorate. https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
Davidson, J. (2023, September 29). Reluctant to learn: how we opened the door to cyberattacks. Australian Financial Review. https://www.afr.com/technology/reluctant-to-learn-how-we-opened-the-door-to-cyberattacks-20230922-p5e6qy
Department of Home Affairs. (2023). 2023–2030 Australian Cyber Security Strategy. https://www.homeaffairs.gov.au/cyber-security-subsite/files/2023-cyber-security-strategy.pdf
iTnews. (2024, July 8). The Essential Eight Is An Opportunity To Drive New Strategic Value Into The Enterprise. https://www.itnews.com.au/feature/the-essential-eight-is-an-opportunity-to-drive-new-strategic-value-into-the-enterprise-609472
Knowles, K. (2024, January 19). 71% of Australian small businesses view cyber attacks as major risk. TechDay. https://securitybrief.com.au/story/71-of-australian-small-businesses-view-cyber-attacks-as-major-risk
Mizen, R. (2023, November 19). Cybersecurity boost to stop small business exploitation. Australian Financial Review. https://www.afr.com/politics/federal/cybersecurity-boost-to-stop-small-business-exploitation-20231119-p5el30
Robertson, J. (2024, June 22). How Medibank allegedly ignored the warning signs in one of Australia’s worst cybersecurity breaches. ABC News. https://www.abc.net.au/news/2024-06-22/medibank-alerts-australia-cybersecurity-breach/104003576
The Hon Julie Collins MP. (2024, March 15). More support to help small business cyber resilience. https://ministers.treasury.gov.au/ministers/julie-collins-2022/media-releases/more-support-help-small-business-cyber-resilience
