2016 was one of the biggest years yet for cybercrime. The Red Cross was the victim of Australia’s largest data breach, it was the year of the infamous #CensusFail, and of course we saw hacking attacks on the Democratic National Committee in the US, along with Yahoo and Adult Friend Finder. These are just a small sample of the very highest-profile cybercrimes. However, don’t think that malicious cyber attacks are confined to the high-profile, global mega-corporation. The fact is, the majority of hacks that happen to smaller, national businesses were not reported in 2016.
Security should be a top priority for all businesses, yet it is an issue that many organisations don’t adequately budget for and, as such, aren’t adequately prepared for.
Below are our top five reasons why you need to make sure you budget for security in FY18.
- Changes to the Data Privacy Act
While we mentioned above that the majority of hacks that happen to national businesses were not reported in 2016, that won’t be the case in 2017.
New laws have recently been passed that require organisations to notify the Privacy Commissioner and customers if they have experienced a data breach. Failure to comply can attract fines of up to $360,000 for individuals and $1.8 million for organisations. We’re pretty sure you would prefer to be in the pool of organisations that don’t have anything to report!
- Protect your image
There’s no faster way to watch your customers abandon ship than a breach. Once your customer base learns of your security breach, most clients (up to 85%) will abandon you and take their business elsewhere, fearing for their own personal information. The speed at which a business can go under after a cyber attack was shown a few years back by the case of a small Melbourne IT company, which was attacked on 11 June and was placed in the hands of the receivers by 20 June.
- You hold sensitive or private data
These days even if you don’t store credit card details online, almost all companies hold sensitive information about finances, trademarks, strategy and general email conversations not only for their own business but those of their clients—everyone is a potential target and the consequences of a breach can be devastating and irreparable.
- Security is now an accepted risk and cost
With more and more devices and services moving online (e.g. Internet of Things) there are more ways than ever for your security, privacy and data to be compromised. Cybercrime is estimated to be costing Australian businesses around AUD $4.5 billion a year, with this figure expected to grow exponentially. In the light of this trend, a new form of risk mitigation is emerging. Cyber insurance offers a business the assurance that if it can’t prevent a cyber attack, it can at least insure itself against some of the repercussions, and it is a message that an increasing number of businesses are beginning to heed.
- It’s not a matter of IF, it’s WHEN
In 2016 alone, there were more than 600 million breached records, 400 million variants of malware detected and more than 10 million web attacks each month. Australia has been named the number 1 country globally for data breaches and if it wasn’t obvious before, it is now: it isn’t a matter of whether your business will be hacked, but when.
So what should you do?
At Kiandra we often talk about the layers of security for business: the more layers you have, the more security and protection you have in place. We strongly advocate that you budget for a multilayer approach to mitigate security breaches. At a minimum, the base-level preventative measures you have in place should include:
- Staff awareness training and regular testing (do your staff know what common attacks look like, do they know the latest threats, are they exercising common sense?)
- Making sure that your IT team put in place the necessary security controls (intrusion prevention systems, end-point protection, whitelisting and lockdown, networking and email protection, firewalls)
- Documented and tested incident response policies and procedures for cyber-attacks
- Penetration testing (a trained professional attacks your systems from a malicious hacker’s point of view, to uncover security vulnerabilities and weaknesses within an environment)
If an organisation has done everything in its power to prevent a breach from occurring, this will drastically reduce the damage to its image and reputation, and the PR fallout, that arises from an attack. If you would like more information on how we can help your organisation stay secure, check out our security solutions or get in touch with the team on 9691 0500 or firstname.lastname@example.org.