Cybercrime is a problem that costs the Australian economy up to 1 billion a year in direct costs alone according to ACIC (Australian Criminal Intelligence Commission), this is a ridiculous financial burden on many hard working companies who just want to do what they do best. Make or sell the product or service in which they are operating to perform. The sad truth is a high percentage of these organisations are not prepared for cybercrime as a threat, it is just not even on their radar of problems that need some of their limited time resources.
Especially if we look at small businesses with say up to 20 staff, these people do not have time or the financial backing to prepare for cyber threats or at least that is the opinion of many of these organisations. I am regularly told in my day job that security is not even something that the business considers. That is a little scary if you ask me but what they are saying is true they do not give it a thought and even when it is discussed with them many get that glazed over look in their eyes. I get it, security is my thing and I love talking about it and that is really not the case for many others (I get that same glazed over look when someone talks about sports – I am not really a sports guy) so I do understand that to some this is just white noise.
This is a little off topic but it’s even scarier when these same organisations do not even have an antivirus solution on any of their systems and the few that do over half of them are expired. Now, antivirus protection is the bare minimum protection that you could get but if you don’t even have that you are basically screwed no question. You are probably already infected with some sort of bug and are probably sharing all your data with a malicious actor. You could actually be in big trouble with this type of scenario as in Australia you need to notify all customers in an instance of a data breach and if you have cyber insurance you might as well burn the cover document as they won't be paying you anything with the severe neglect to your security responsibilities (and probably lied on the information form when getting it as it asks what protections you have in place).
Okay back to cybercrime now after my slight topic run away. If you ask businesses about cybercrime you will be told repeatedly by the leaders of those organisations that “That’s an IT or Security problem” and they are partly correct it is a problem that these areas should be involved in but Cybercrime is everyone’s business. What do I mean it is everyone’s business, simple.
Cybercrime is a big problem and we all know that with the 1 billion direct costs stated above but to fight this we need more than a technology solution or just a security solution. We need to reach deep into all areas of our businesses and every citizen or visitor to our country. Heck, let us say everyone in the world needs to get involved (except the cyber criminals of course, as they are the ones costing us all this money and well they wouldn’t want to help curb this back it might mean they can’t do that overseas holiday this year).
If we can bring everyone into this fight and look at all solutions that could help improve our resilience to methods that cybercriminals use against us all we could half this figure or almost completely eradicate it (Its unlikely we could eradicate it completely but it doesn't hurt to try). There are so many things we could do if we have everyone on board, we can change businesses processes to double check and triple check financial change requests or payments, we can change the policies of how staff do certain processes or interact over the internet, require direct contact for customer details changes.
What about training our staff or doing a compulsory internets smarts program in our schools to help educate our teenagers, we could then move on to the elderly I am sure we can find ways to help educate and protect these individuals from threats. I will not accept that the problem is too big for us to be able to find an adequate solution to improve these results for everyone. How about a life be in it type government campaign to really drive home the risks for everyday Australians and once that message has been driven so deep into our subconscious we can then move beyond this with more targeted businesses campaigns that could really help turn the tide so to speak of cybercrime and its mounting pressure it is putting on the world's economy.
I know I am just throwing ideas around here but we need to do this and we need to debate what will be the best path we can take to achieve what we are aiming for. We can leave it there though we need to grab hold of that decision and find a way to get it happening to ensure that we do not just talk about it but knuckle down and get it done. That is the only way we will make a difference, try something if that doesn’t work adjust and try something else until we can find the solution that can work. It may be five different plans that all come together that gets the result but if we do nothing I can guarantee you we will never succeed in finding that solution we need.
As always. Tell me what you think, argue with me I don’t mind but let's start a discussion that will benefit us all in the long run.
Till next time…