Hoping for the best, planning for the worst: the cyber-attack recovery plan every Australian business needs to have

By Simon Howe – APAC Sales Director at LogRhythm


Has your organisation fallen victim to a hacking attack or serious data breach? They’ve become unremarkable occurrences in the digital era, in Australia and around the world.

Preventing them while simultaneously planning for the worst, should your defences prove inadequate, should be on your list of standard business housekeeping chores, along with tasks such as reviewing insurance policies, keeping accounts up to date and paying superannuation contributions regularly.

Playing the numbers game

Think your enterprise is unlikely to be a target? Your optimism is admirable, but it is very likely misplaced. Businesses around the world are operating in a climate of rising threats, where disaster can be as close as one ill-advised click on a phishing email.

Advice published by the Australian Cyber Security Centre in 2019 noted threats to organisations were becoming increasingly sophisticated and targeted. Hackers and cyber-criminals are well aware that the information businesses have in their possession is valuable and could provide their competitors or adversaries with political, military and economic gains.

Household name companies which have experienced notifiable data breaches in recent months include Toyota Australia, Bank of Queensland and Kathmandu. Our finest tertiary institutions were not spared when Australian National University and Australian Catholic University both reported major data breaches weeks apart.

Serious cyber incidents can represent more than a mere inconvenience, in the form of the hours spent offline while ICT experts race to restore normal service. Downtime, lost productivity, loss of standing and damage to customer confidence can all cost companies dear, immediately and for months and years after the event.

Research suggests many Australian businesses are already cognisant of this fact – some by virtue of bitter, firsthand experience.

According to PwC’s 2018 Global Economic Crime and Fraud Survey: Australian Report, almost half the enterprises surveyed had experienced a cyber-attack between 2017 and 2018. Cyber-crime was identified by senior executives as the most disruptive economic crime of the moment and the greatest danger to growth prospects.

Mobilising the defences – and planning for their failure

Prevention is always better than cure, but not every incident can be prevented, even in enterprises where the high-tech defences are formidable and the employee training programs regular and rigorous. One successful phishing attempt, and evidence suggests these have become far more sophisticated, plausible, targeted and frequent than they were a decade ago, can be all it takes to open the enterprise up to compromise or damage.

Having a response plan ready to roll, should this occur, can mean the difference between orderly recovery and scrambling to salvage the business’ reputation and bottom line.

If you’re dealing with a data breach, being upfront about it with customers and partners whose information has potentially been compromised is the best policy.

It’s also the law.

Since February 2018, the Notifiable Data Breaches scheme under the Privacy Act has required businesses with annual turnover greater than $3 million (along with other entities covered by the Act) to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable once they have reasonable grounds to believe an eligible data breach has occurred, that is, one likely to result in serious harm to the people whose information is involved. Where a breach is only suspected, the business has 30 days to assess whether it is notifiable.

Businesses which fail to comply must be prepared to weather sizable fines – up to $1.8 million for egregious or repeat offenders.

The heavy hand of the law may also come down from afar. The European Union’s GDPR privacy regime requires a personal-data breach to be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it, and the affected individuals to be told without undue delay when the breach poses a high risk to them. Fines for non-compliance (up to €20 million or 4% of global annual turnover, whichever is higher) can be imposed not just on companies domiciled in Europe but on any business which collects and stores the personal data of individuals in the EU, including those headquartered in Australia.

While customers and suppliers are unlikely to relish the idea of their data falling into the wrong hands, being seen to respond rapidly and transparently can limit damage to the relationship and the reputation of your business.

Learning from experience

‘Those who fail to learn from history are condemned to repeat it’. Legendary wartime Prime Minister Winston Churchill’s 1948 remark to the British Parliament, paraphrasing the philosopher George Santayana, was a solemn reminder of the wisdom of learning from past mistakes.

It’s an observation that should resonate with Australian businesses which have experienced the misfortune of a major data breach or fallen victim to a significant cyber-security attack. Remediating the problem is expected and necessary – the law and your customers will demand it – but resolving to learn from it is smart.

Conducting a thorough post-mortem of the incident, one that establishes the timeline, the initial point of entry, how long the intruder had access and why existing controls failed to detect it, will help you determine whether business processes need to be changed or tools and technologies upgraded, to prevent a recurrence. A professional security audit may be necessary to highlight weaknesses in your defences and to provide recommendations on how they can best be strengthened.

Planning for a safer future

Being an enterprise that’s serious about cyber-security entails more than just installing firewalls and anti-virus software and reminding staff to stay vigilant.

Australian organisations that want to improve their odds of recovering from a hack attack or cyber breach should also have comprehensive incident response plans ready to enact, should the worst occur.
