In doing business online multi-dimensional challenges have come from an increasingly sophisticated cyberspace landscape with hackers, ransomware and malicious attacks being part of the package.
The Australian Cyber Security Centre (ACSC) which monitors this activity records a cybercrime every 10 minutes, highlighting the need for business to ensure their systems are secure.
More than a third of the incidents reported are related to federal and state government bodies – a serious problem, given government is responsible for the delivery of the country’s critical infrastructure, electricity, communications, water, education and health.
In the financial year ending June 2020, ACSC responded to 2266 cyber security incidences, averaging 164 cybercrime reports per day, including a severe Category 1 attack involving the “sustained targeting of Australian governments and companies by a sophisticated state-based actor”, believed to be China.
As a result, the government announced a $1.35 billion Cyber Enhanced Situational Awareness and Response (CESAR) package to boost protection and cyber resilience for all Australians.
The main focus of CESAR is to improve advanced detection of widespread cybercrime campaigns and facilitate sharing of cyber security advice to Australians, as well as forecasting threat intelligence.
A serious need for industry preparedness against a cyber attack became a main focus of the 2020 Virtual Cyberweek conference in October.
It was attended by at least 600 virtual participants and sponsored by industry leaders in energy, communications, logistics, transport, health, security and manufacturing.
The conference was told that maintaining stringent security online and digital trust had become front of mind, with calls to make it an urgent priority in the coming year.
As data breaches become bigger or more common, digital trust becomes a valuable commodity.
Increasingly, businesses are waking up to the idea that healthy security enables good business and customer loyalty.
From overseas, the Global State of Online Digital Trust Survey and Index 2018 from US CA Technologies shows that “taking security and privacy seriously can have a positive financial impact beyond avoiding costly breaches”.
The report surveyed consumers, cyber security professionals and business executives, which highlighted consumers’ lack of confidence in the way organisations collect, store and use their digital information.
It found that “consumer digital trust in Australian organisations ranked the lowest in the world (54 points out of 100)”, compared to the US at 61 points, for example.
In Australia, IT security professionals (73 per cent) and business executives (50 per cent) both admitted to using consumer data containing personally identifiable information.
CA Technologies say that the study “clearly shows that trust is fleeting if organisations do not do their due diligence to protect consumer data from getting into the wrong hands”.
“Now, more than ever, business need to understand that success in the digital economy requires a security-first mindset… and organisations owe it to their customers and shareholders to get it right,” the company said.
At the 2020 Cyberweek Virtual Conference there was general acknowledgement that a great user experience meant addressing business customers’ need for security and privacy.
A hypothetical cyber security scenario, as part of the segment wrapping up the conference, pointed to the need to increase digital trust, as well as ramp up preparedness during cyber attacks.
The Australian Information Security Association sponsored the hypothetical scenario event, which was addressed by a panel of experts from Toll Holdings Group Information Security, Cohealth, Cybersecurity Siemens Digital Industries and the Australian Energy Market Operator.
The recommendations at the end of the discussion and the hypothetical scenario included:
1. Recognition that cyberspace attacks have real and serious impact on the physical environment of business operations, for example on logistics, transport, supply chains and business operations and efficiency.
According to Serge Mailett, the head of cyber security at Siemens Digital Industries (Australia and NZ), it’s a lot like “having an insurance policy”.
“I don’t think we can really afford as a business to just respond after an attack has happened.,” he said. “At that time it’s really a little too late. Prevention is better than cure and that applies also from a cyber safety perspective.”
2. That value chains in business, which impacts on supply chains, are related to each other. The interconnectedness of an online-based environment was a focus in the hypothetical; urging strong suggestions from the panel that all sectors need to come together in strengthening cyber security infrastructures, information and skills learning exchanges.
3. Recognition from industry and business that due to serious impact of cyber attacks on effective operation, a cyber security policy and strategy is essential not only for quick response but also for mitigation and prevention of subsequent attacks.