The first line of defence
According to the Telstra Cyber Security Report 2016, the frequency of cyber security incidents that have interrupted business in Australia has doubled in the past year. Traditionally we have believed that only the biggest targets need to worry about serious cyber risks, but a swathe of cottage industry hackers and hacktivist groups have shown that any business can be a target, and therefore every business should be protected.
As customers invest more of their money and personal information into businesses, the threat shifts: you are protecting not only your own data but everyone else’s data as well. If your business were compromised tomorrow, who would you need to tell about the breach? And how exposed would you be to legal action?
For this reason, executives and business managers need to be involved in cyber security discussions from the outset, and be aware of the risks to their company data, as well as the data of customers and other parties working with the business like contractors and suppliers.
Craig Joyce, Telstra’s Director of Security Practices, told us that even though security skills need to be housed in a technical place such as “a dedicated security team in a larger organisation, or native IT department in a smaller organisation”, cyber security needs to be managed as a “board level risk”.
According to Craig Joyce, smaller businesses are now being seen as easier targets, or as gateways to access larger corporations through supplier lists or personal data. To this end, having an action plan that lays out the steps needed in the event of a breach could make sure your business is prepared and knows the steps of escalation from capturing the breach, to resolving the issue and locking down the data.
Investing in tomorrow
As businesses grow, their IT and cyber security needs change. As small businesses become medium businesses, the risks to internal data and business security shift and the scale of a breach can grow exponentially.
A greater media focus on cyber security and hacking over the past year has changed the way that larger organisations are investing in security. According to the report, 75 per cent of Australian organisations are increasing their spend on IT since 2014, where 60 per cent suggested their spend would stay the same.
The Cyber Security Report also suggests that there is a serious shortage within IT departments around security risk assessment and forensics and investigation. For smaller businesses that can’t afford large IT teams, Craig says that “building established relationships with trusted providers to help them out” can be a solid first step, as it provides experts as required, rather than at a full-time cost.
He says that as we move into the future, security needs to take a “layered approach” because “what protects them now, may not protect them tomorrow”.
Open lines of communication
“We’re seeing a shift at the moment from some of our customers, particularly in the smaller segment as to how they can get access to CIOs [Chief Information Officer] and CISO [Chief Information Security Officer] type resources, but as a service,” explains Craig. This allows businesses that don’t necessarily have access to senior IT personnel to work with industry experts who can help them plan security.
The Cyber Security Report 2016 suggests that even though the number of security incidents in Australia is rising year on year, many organisations still operate under the assumption that they won’t have an issue.
While planning is critical to success in the security space, having all staff practised and prepared to communicate vital information when it’s needed can ensure that normal services are returned as efficiently as possible.
Ideally, every business should have a cyber response plan that maps out who the key stakeholders are in the organisation and outlines who needs to know what and when.
The planning and development phase of security can have a huge effect on how protected your business is. From involving business leaders early, to investing smartly and watching like-minded businesses, there are a multitude of measures available to keep your data safe.