Do you feel confident in your cybersecurity efforts? After all, you’ve likely spent a bit of budget—sometimes quite a bit—on protecting your enterprise. Now, you can confidently sit back and trust the process. Then again, you might be aware that your defences are lacking, but haven’t the time or budget to devote to the problem. So, you hope nothing happens until you can address the issue.
Either way, you’re on treacherous ground. When it comes to managing and mitigating cybersecurity risk, the archetypal Aussie attitude—she’ll be right, mate—couldn’t be more wrong.
Complacency is a clear and present danger for organisations and enterprises that want to avoid falling victim to high-tech attacks that can hit them where it hurts most: the bottom line.
Landmark White, a property valuation firm headquartered in Sydney, learnt this the hard way earlier this year when one of its valuation platforms was hacked, resulting in the compromise of around 140,000 client records—a massive data breach by anyone’s standards.
Several months later, having weathered a trading halt, the suspension of business by major clients, the departure of a CEO, and a significant bill to strengthen its security systems, the company put its losses at $7 million. That’s hardly pocket change for many organisations and it’s a sum that could easily sink once financially sound small-to-midsize organisations.
Meanwhile, the chances of falling victim to a high-tech attack are on the rise. According to Accenture’s 2019 Cost of Cybercrime Study, Australian organisations reported an average of 65 security breaches per year in 2018, an 18 percent increase over the previous year’s figures.
Sitting still can spell disaster
Minimising the risk of cyberattacks and data breaches within an enterprise is an exercise akin to painting the Sydney Harbour Bridge, our favourite homegrown example of a task that never ends. For organisations dedicated to doing cybersecurity rigorously and well, it’s an ongoing effort, not a discrete set of tasks that can be ticked off and forgotten for a year or several.
Sitting still is fatal, and organisations that do so will inevitably find themselves struggling to secure critical infrastructure and data using outdated and insecure cybersecurity technologies.
These technologies may have constituted an adequate defence against 2016’s key threats, but they’re less likely to withstand the latest gambits of hackers and cybercriminals who see one door shut and immediately begin searching for another to open.
Here are some ways you can root out complacency in your enterprise and safeguard your systems and data.
Audit your systems - If you don’t know what systems you have, how can you protect them? Has it been a while since your last software audit? Can you say with confidence that no new solutions or endpoints have been added to your network in the interim? As a matter of course, it’s probably a good time for a thorough review of your systems. Documenting your hardware and software infrastructure allows you to identify potential vulnerabilities and put measures in place to address them.
Stay up to date - Firewalls, secure Wi-Fi, multifactor authentication software…whatever the combination of measures you may have deployed in your enterprise, current technology is safer technology. Patching legacy systems quickly becomes the norm for overworked IT and security teams. However, you could pay dearly should hackers happen upon an obsolete or unprotected program.
Back up your systems - This tip is an oldie but a goodie. Data that’s been archived remotely and backups that are conducted regularly, firewalled, and kept offsite will enable your enterprise to quickly become operational again should hackers succeed in hijacking or crashing business-critical systems.
Train your team - Yes, cybercrime is inherently high tech, but many attacks can be avoided by focusing your efforts on something that isn’t: your employees. Phishing emails continue to comprise the bulk of cyberattacks and their success is contingent on whether or not an employee will fall for a fake email or click on a dodgy link. Instigating recurring training programs for all staff is a simple and low-cost way to strengthen your defences over the long term.
Develop a response plan - “Hope for the best, prepare for the worst” is sound advice across all areas of operations—cybersecurity included. A robust response plan that maps out responsibilities and recovery workflows will ensure that response team members understand their roles and are ready to spring into action should the worst occur.
Time to act - In 2019, cybersecurity is no mere afterthought. Addressing cybersecurity risks and having the capacity to contain and remediate threats swiftly are critical to long-term business health and viability. If complacency has crept into your enterprise, it’s time to replace it with a commitment to concerted, continuous action that can mitigate and manage this very real commercial danger.
As the old saying goes, “complacency is the enemy of excellence.” This is especially true in the world of cybersecurity. Cybercriminals have grown more organised and sophisticated, and the ever-changing nature of their attacks is proof. Thus, organisations cannot feel lulled into a false sense of security. Your security may have been good enough years ago, but is it ready to protect you from today’s increasingly sophisticated attacks? Don’t find out the hard way.