How do we tackle an issue that’s bigger than the economy?
One of the things I enjoy most about my job is the opportunity to get out and talk to Australian businesses. I love it when they share their successes, and I always feel like I learn something when they talk through their challenges.
Last year had plenty of challenges, but among the business leaders I spoke to, one issue outranked anything else, including top-level concerns like inflation and interest rates.
The economy might dominate the political and business pages of our newspapers, but according to the people I spoke to, cybersecurity is, by a significant distance, the biggest challenge facing Australian businesses.
Yet Australian businesses know that they can’t hold back on digitisation. The digital economy moves too quickly and they risk getting left behind. Our businesses need to have digital strategies that fully address security, creating a well-managed, well-defined risk perimeter inside which they can confidently build their digital businesses.
Addressing real cyber threats
The evidence of the scale of the problem is more than anecdotal. Corporate regulator ASIC this year has warned company directors that cyber resilience should be at the very top of their priority list [1].
2022 raised the cybersecurity stakes for Australian businesses by an order of magnitude. Very high-profile attacks brought home just how real the threats had become [2].
While those attacks made headlines, day-in, day-out, Australian businesses of all sizes have been locked in a battle to keep their systems and data safe against a growing and increasingly sophisticated array of threats, including malicious groups backed by nation states [3].
I hate to say it, but we live in the era of “cybercrime-as-a-service†[4].
Hybrid working has made managing security more complex. According to the Australian Signals Directorate as many as 200,000 small office/home office routers in Australia’s homes and small businesses are vulnerable to compromise [5].
The business costs of cybercrime are very real. According to the ACSC, in round figures, the average cost of a cybercrime incident on affected businesses ran to:
- $39,000 for small business,
- $88,000 for medium business
- $62,000 for large business
The high level of damage to medium-sized businesses may seem surprising, but the ACSC notes that it “may be because they were less likely than large organisations to apply cyber security mitigationsâ€.
In addition, “medium-sized organisations may be more likely to report cybercrime to ReportCyber, as they are less likely than larger organisations to have sufficient in-house or commercial incident response capabilities,†it says.
What can businesses do?
While the threats are very real, the digital transformation of our businesses and our economy is too important to be derailed. The security issues are real enough, but with the right strategies, they can be managed.
The most important step businesses can take is to build a culture of security. Last year my colleague Darren Kane , nbn? Australia 's Chief Security Officer, hosted a discussion with some of Australia’s top cybersecurity experts - Nigel Phair from the UNSW Institute for Cyber Security , Cyber Security Cooperative Research Centre , CEO Rachael Falk and Amazon Web Services (AWS) Phil Rodrigues - to examine how, by building the right culture, organisations can turn security from a threat-focussed problem into an enabler.
It’s a very valuable discussion and I’d highly recommend it to technology leaders, but even more so to executives and directors who are grappling with how they’ll continue to operate and thrive in the current environment.
领英推è
As the discussion points out, the most important part of your security culture is your people. Even sophisticated defences can be undone by someone doing something as simple as clicking on a link in an email. In contrast, well-trained, knowledgeable employees add significantly to your defences and risk management strategies.
Get expert cybersecurity help
Yet even with a great security culture, in 2023 it is very difficult for businesses to maintain the resources, knowledge and capacity to manage security entirely on their own. A global shortage of cybersecurity professionals has not made things easier [6].
The scale of the issue means organisations of all sizes can benefit from specialist help and partnering with IT security experts, but the outsized financial damage done to small and particularly to medium businesses may indicate that they have the most to gain by making such a move.
Let me be clear though: security is not a problem you can buy your way out of. It’s not an issue you can outsource responsibility or accountability for. Ultimately it’s your responsibility, and that’s why building good security culture is so essential.
Nevertheless, part of accepting that responsibility is understanding how expert advice, skills and capability may help bolster your defences.
This can include:
- Accessing up to date technology and compliance measures
- Cost - security as a service can free up capital or get more capability for a given budget
- Scale and speed - being able to expand and allocate new resources quickly
The ability of some managed service providers to supply and manage networks alongside other technology infrastructure also can lead to a more integrated approach to security.
As business nbn? expands its network of service provider partners, there are more that can combine security expertise and network services into a single service, helping businesses build a more secure posture.?
Meanwhile, in the background, nbn partners with a large number of organisations to make sure we’re providing a secure, Australian-owned and operated network that’s designed to suit businesses’ rapidly evolving needs.
As well as the benefits it delivers for business applications, having a business-grade network in place makes it possible to leverage the scale and capability available by using security-as-a-service and other cloud-based systems.
The challenges posed by cybersecurity are real and growing. But by building the right culture and tapping the expertise of specialist partners, Australia’s businesses will be well positioned to thrive in this environment, and I’m really looking forward to hearing more stories about their successes.
References:
- https://www.afr.com/politics/federal/cybersecurity-a-number-one-risk-for-company-directors-asic-20230103-p5ca13
- https://hlb.com.au/optus-medibank-hacks-a-warning-to-business-owners/
- https://www.smh.com.au/politics/federal/cybercrime-gangs-combining-with-nation-states-in-profound-new-trend-20221103-p5bv7h.html
- https://www.afr.com/policy/foreign-affairs/australia-in-the-grip-of-cybercrime-as-a-service-20221112-p5bxpm
- https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022
- https://www.afr.com/technology/cyber-skills-shortage-to-hit-30-000-in-four-years-20220912-p5bhde
Team Leader Enterprise Networks @ ASIC | Business Management, People Management
1 å¹´It's a major concern Adam De Vincentis We are looking for security/ cyber engineer to join our team so pls send us any leads you got.. only the good ones ??
Business Improvement Expert - former practicing lawyer & chartered accountant, author, speaker & master business coach. I help business owners attract and retain a higher caliber of customer and maximize CASH FLOW.
1 å¹´I tackled this issue in a podcast episode recently? Maybe it needs to be covered again? https://podcasts.apple.com/au/podcast/financial-foreplay-podcast/id1548211155?i=1000596387129
Engineer Certified safety Hoardings for Construction, Retail and special events!
1 å¹´Onyer Brendan!