- Have any questions?
- 02 9247 6000
- media@commsroom.co
- Have any questions?
- 02 9247 6000
- media@commsroom.co
Menu
Creating and maintaining an ability for businesses and organisations to safely operate digital technology is critical in the information age. Malicious cyber activity threatens this opportunity. Understanding business cybersecurity risk is a standing agenda item, and if it’s not in your business, it needs to be.
Cyber threats are evolving in complexity, capability and availability. Keeping pace is extraordinarily challenging, and increasingly expensive, before and after a cyber-attack. In this context, a risk-based approach is the only option. In CSO Group’s seven-year experience, we would suggest that among the many cyber security risks that present, the following three are the most critical:
Human behaviour is the most prominent reason a cyber breach and potential compromise occurs. Due to the interconnected nature of the internet, we all have a responsibility for our collective societal cyber security. The action or inaction of an individual can impact many more people and potentially whole organisations.
The strategic risk here is twofold: cyber security awareness and skill levels of the entire population as more and more of our economy embraces digital technology will impact Australia’s economic stability if not adequate; and insider threats, both accidental and malicious, as the digital transformation provides increased attack surfaces. What compounds this even further is the significant lack of skilled resources within the cybersecurity industry (some 20,000 plus) and growing. This further challenges the ability to detect and respond to adversary attacks and support the education and supportive controls to minimise the human part in cyber security risk.
The limited understanding and affordability of cyber security requirements within small to medium enterprises (SMEs), and their importance in Australia’s industrial supply chain, provides opportunity for malicious cyber activity that can lead to major disruption regardless of how well protected large-scale enterprises may be.
When we think about supply chain, we often default to suppliers to ‘us’, however we need to think about our business in the supply chain as a whole. Small-to-large business are suppliers themselves within the national economy and many service sensitive government agencies and ensure critical infrastructure is sustained and that our sovereignty is secured.
It is expected that most businesses will be required to meet more stringent security controls and to demonstrate these to secure or retain commercial agreements. The supply chain risk is becoming one of the most acute cybersecurity risks within the Australian economy due to its vulnerability to be disrupted or permit access to sensitive information.
Business and government organisations are managed and governed by executives who are well skilled in the specific purpose, value and model in which their products and services are developed and delivered. Over time, these skills have been augmented by developing supplementary knowledge through experience, such as the value of technology, automation and innovative modelling. The recent surge of cybersecurity incidents has not afforded many the opportunity to develop an effective understanding of the risks and impact to their organisation and those they conduct business with.
Very public breaches, concerns by the ACCC and regulatory changes to the Privacy Act have seized leadership attention to better understand the risk and potential impact upon their organisation. That said, the understanding and effective engagement of executives has a long way to go. The acknowledgement of executive obligations and the material impact these have are still not comprehended to the level that is necessary for a safe and secure Australian digital economy.
If businesses prioritise mitigation effort of these cyber security risks, CSO Group contends, that this will offer the greatest value in an increasingly contested digital environment.
Michael Simkovic is a technology and cyber security expert focused on providing ICT security services and solutions to protect Australian businesses and government organisations from advanced cyber threats. With a wealth of experience across business streams including accounting, sales and strategy, he founded CSO Group in 2017, identifying a need for a cyber security service that truly integrates with the customer environment and acts as an extension of their team. He has become a partner and strategic advisor on cyber security and engages with organisations and leaders at a business level to help them understand and manage risk.
