Connectivity and technology continue to expand and develop every day, and Australian businesses use these advancements to be more mobile, efficient, and reach new markets locally and internationally.
The Telstra Security Report 2019 follows a year of high profile cyber security breaches that have littered the news cycle. And there’s been big changes to the Privacy Act 2018, in particular the arrival of its key requirements: the Notifiable Data Breaches Scheme, which has implications for businesses of all sizes.
The statistics of the report tell us that breaches and security incidents are on the rise. Some 65% of businesses were interrupted, while 89% said they had breaches go undetected. This aligns with cyber security expert Matthew Wilson’s claim, published in his column for Smarter, that all businesses have experienced a breach whether they know or not.
Planning for the future
Cyber security isn’t solely an IT concern anymore. It should be managed like any other part of the business. Senior managers and board members need to be aware of security protocols, policies and escalation procedures.
Planning your security procedures is the first step to keeping your business safe in the case of a breach.
As your business grows, you may be looking to expand internationally. Being aware ofthe security requirements overseas and how to protect your data in transit is essential.
New obligations under the Notifiable Data Breaches Scheme
During 2018, several new regulations came into effect here in Australia and internationally. Of most effect was the Australian Privacy Act’s amendment to create the Notifiable Data Breaches scheme
Since the introduction of the Notifiable Data Breaches Scheme and the General Data Protection Regulation (GDPR), 55% of organisations believe they have been fined for being in breach of such legislations. Keeping in mind that 89% of the surveyed had breaches go undetected.
Read: Compliance and Privacy in Telstra Security Report 2019
Cyber security is a human challenge
If it isn’t just an IT concern, whose concern is it? The quick answer is: everyone.
Human error – often caused by inadequate business process and employees not understanding their organisation’s security policies – was the highest risk to IT security identified by 36 per cent of respondents to the 2019 survey.
Read: Homegrown tech entrepreneur Matthew Wilson on the human side of cyber security
The cyber threat dictionary
Cyber attacks are becoming increasingly more common as devices connect to the Internet of Things (IoT). Every connected device is a possible entry point to your protected data and business details. A study by Qualys, referenced in the Cisco 2018 Annual Cybersecurity Report, found that 83 per cent of IoT devices scanned (e.g. HVACs, door locks, alarms), had critical vulnerabilities.
We aren’t just protecting against viruses anymore, and today we need to be aware of more than malware, ransomware, and phishing. There are new challenges emerging all the time, like crypto mining, advanced persistent threats, and cloud security considerations.
Every member of your staff needs to be aware of the possible threats and be familiar with how your business prepares your network defences.
The cyber crimes you need to know about
Espionage isn’t just for movies, and cyber activism doesn’t have to be a guy in a darkened basement. Understanding the types of cyber crime prevalent today is the best way to understand how your business needs to be protected. In the report, 63 per cent of global respondents and 65 per cent of Australian respondents reported their business was interrupted due to a security breach in the past year.
Traditionally, big businesses were seen as targets for cyber crime due to their large client lists and big bank accounts. But today every small business could be seen as an easy target for information and data theft.
Learn about the different cyber crimes and the effect that they can have on your business so that you are prepared to protect and react to save your data if needs be.
Detection and response are key
The top two security challenges globally, for organisations surveyed, is timely detection and incident responsiveness and the impact of new technologies.
An essential tool to counter a threat in a timely manner is an incidence response plan. However, from the data sampled in the report, 1 in 4 Australian businesses don’t have such a plan in place to deal with damaging cyber-attacks when they happen.
Being secure in finance
Protecting businesses and customers’ personal financial information is a huge issue that touches most of Australia – and the finance industry deals with some of the most highly protected data the world over.
Past years have seen cyber attacks target credit cards and debit cards, but this year the trend has swung toward the theft of personal information and identity details. As this data becomes more heavily digitised and easily shared, identity protection becomes even more of an issue.
By being aware of how to keep not only your data safe, but the data of your business too, your employees and your customers can ensure you steer clear of problem areas.
Steps you can take today
While you take the time to pour through the report and make plans for the future, there are positive steps you can take in the next 5 minutes.