If only we could wish away cybersecurity threats and just focus on what we do best: our business!
The cybersecurity maturity – or lack thereof – among Australian businesses makes you wonder if there is something we are missing. The increasing incidence of cyber-attacks with new intrusive ransomware begs the question, have we been telling tall tales about our own sense of security? Or have we just put our heads in the sand, hoping the problem may just go away on its own?
The real questions we need to ask ourselves are: what value do I place on my business and my livelihood? And how does securing my business (or home) from cybercrime compare to how I secure my home from traditional crime?
The most recent ‘WannaCry’ ransomware outbreak is a reminder, or perhaps a wake-up call to all of us, that cybersecurity problems will not just vanish, but will rather increase dramatically.
WannaCry, in fact, is just the beginning. As the Prime Minister’s cybersecurity adviser, Alistair MacGibbon, has stated in the media, “this is not game over”. There may be an abundance of harmful ‘zero-day’ malware yet to be waged upon the world.
We need to remain vigilant and enforce more security controls in the way we conduct our business. These days we very quickly learn how to use devices and computers, but are we taught how to effectively secure them and our business?
Just like general safety in our everyday lives, cybersecurity in business is a balancing act. As well as placing security controls on our business we also must be more aware and educated about security. Processes need to change so we are always prepared and protect our livelihood. This is simply responsible computing.
While we hope that all cyber security technology can prevent every cyber threat, this is not always going to be the case. This puts the onus back on us to determine if a file is safe to open or not, but will our cybersecurity expertise always extend to knowing if what we’re about to open is safe? Will our employees (or family) know what is hidden within the file? The answer is no!
AV software and security patching are the most fundamental solution to today’s woes, but they do expect some level of technical skills and knowledge to be able to pull the solution through. Is that the answer for everyone, though? No!
We need to be practical here and ask for what we really need from our vendors, IT managers and contractors. Ultimately, however, this is not enough. Continuous information security education and training is vital. It should be added as part of any new employee’s onboarding process. If we want to see a safer and secure cyber world we need to understand what information security really is.
Is your company concerned by the latest ransomware attack? Are you confident your business is sufficiently protected against these threats? Share your concerns and experiences by leaving a comment below.
Contact Charles Hoang, Ai Group Adviser – Public Policy, if you would like to:
- find out more about what your company needs to do to become more resilient; or
- attend a future Ai Group briefing about cyber security awareness for your business.