But that doesn’t mean that other sectors are safe. Connectivity between organisations means owners of businesses of all types and sizes need to be concerned about the security of their own operations and those of their suppliers, customers, peers and competitors.
“Cyber risk is now so present in almost all aspects of business operations that it is impossible to protect against completely, but exposures can be mitigated. Business operators need to change their mindsets to adjust to this new reality.”
Robyn Adcock, Cyber Technology Practice Leader at Gallagher
Why every business is a potential target
In commentary in the Australian Financial Review James Turner from CISO Lens, a forum for chief information security officers of large Australian organisations, warns: “If you are hoarding customer data, you'll be targeted. If you're generating insights on your users, you'll be targeted. If you are creating and delivering value, if you are relevant, if you have a trusted relationship with your customers and suppliers and are in regular communication with them, you'll be targeted.”
Yes, cyber criminals are harnessing ever evolving technologies, including artificial intelligence (AI) and machine learning, internet of things (IoT) connectivity, cryptocurrency transactions and Cloud security, in mounting their attacks.
Still, with exploitation of user credentials the most common tactic according to the Verizon report, it’s the human factor that poses the biggest threat to cyber security. Businesses need to train their staff to recognise phishing attempts to gain information and vulnerabilities in digital networks where access needs to be isolated and protected.
Time and money
Business owners, even if they are sole operators, also need to invest in safeguarding their enterprises.
Time in identifying what needs to be protected and carrying out the organisation of transferring data to the Cloud, for example, limiting access to only those who absolutely need to use the relevant information and using dual factor password protection. The Australian Cyber Security Centre provides a free guide of the Essential Eight steps to mitigating cyber security.
And a monetary investment in the form of budget for cyber security training and practical measures, which may in some cases be outsourced to specialists, and insurance cover provided to help deal with an actual security breach and the costs involved. These could range from enforced suspension of operations to reputational damage limitation and encompass everything from ransom payment to restoration of lost data.
“Cyber insurance is designed to meet a variety of different challenges that can arise in the event of a data breach,” Adcock says. “We can help businesses proactively manage their risk exposures.”