Cybersecurity has been in the news a lot lately after the Australian Government revealed that the Liberals, Nationals and Labor parties had been victims of cyber-attacks at the beginning of 2019. Days after this announcement, a crime syndicate hacked and scrambled the files of 15,000 patients from a specialist cardiology unit at Cabrini Hospital in Victoria, demanding a ransom to break the encryption.
While cyber-attacks are not new and have been around for as long as the internet has existed, the unprecedented level of digital transformation occurring across all industries has resulted in cyber-attacks becoming much more frequent and costly. The growing amount of valuable data being digitised is prompting cyber criminals to employ increasingly sophisticated ransomware and malware, resulting in attacks that have far reaching consequences.
Just look at the coordinated hacking of internet-connected devices in 2016 that shut down hundreds of websites including Spotify, Twitter, The New York Times, Netflix and Reddit1. Or the 2017 cyberattack using a ransomware cryptoworm called WannaCry, which shut down 200,000 computers in over 150 countries2.
In Australia, serious cyber-attacks against companies almost doubled in 20183, costing businesses an average of $276,323 per attack4. Despite this, a survey by Accenture found that, on average, only 62% of an organisation is actively protected by its cybersecurity program5.
In the emerging hyperconnected and data-driven age of industry 4.0, where new cyber threats and techniques are emerging all the time, an insecure entry point to networks and devices can cause huge disruptions to business operations.
The Australian Government’s Cyber Security Strategy shows that all organisations regardless of size face cyber risks. However, healthcare, advanced manufacturing and agribusiness are particularly vulnerable due to their recognition as strategic priority sectors under the Australian Government’s Industry Growth Centres Initiative.
According to the CSIRO’s cybersecurity roadmap, these industries are attractive to cyber criminals for a number of reasons. In the health industry, cyber criminals can use patient records for blackmail or to sell on the black market; in the advanced manufacturing industry, cyber criminals can gain access to intellectual property and sensitive customer data for financial advantage; and in agribusiness, data can be manipulated to enable food fraud6.
A holistic cybersecurity strategy that addresses different types of threats should therefore be a fundamental requirement for businesses.
Even if your business already has a cybersecurity plan in place, the beginning of the year is a good time to reassess and identify if there are any areas where vulnerabilities may exist.
Below are some simple measures you can take to improve basic cybersecurity practices.
Draft a set of security policies and procedures that make clear who can access the network and how, who can install software, who can analyse and log data, and where and for how long data is stored. This should also include acceptable use, reporting mechanisms, password requirements, e-mail standards, handling of removable devices, handling of sensitive information, locking computers and devices, and social media standards. Distribute this to all staff and contractors.
Keep a register of your assets, including what devices are on your network, where they are located, what information is stored on them and who has access. This should also include any ‘bring your own devices’ (BYOD).
Make use of firewalls, security software and spam filtering, and ensure these are kept up-to-date.
Have multiple back-up methods for important data.
Mandate the use of strong credentials such as two-factor authentication.
Split your network into sub-networks to keep sensitive or critical systems separate.
Move critical applications to a trustworthy cloud service. Most of these services have invested heavily in security infrastructure so they’re generally more secure than internal servers.
Educate and train staff in proper cybersecurity practices, including network access responsibilities.
Author: Adelle King
1 Perlroth, N 2016, 'Hackers used new weapons to disrupt major websites across the US', The New York Times, viewed 21 February, <https://www.nytimes.com/2016/10/22/business/internet-problems-attack.html?_r=0>.
2 Sheedy, C 2018, 'Why cyber attacks are becoming more dangerous', In the Black, viewed 21 February, <https://www.intheblack.com/articles/2018/04/01/cyber-attacks-more-dangerous>.
3 Pash, C 2018, 'Serious cyber attacks against Australian companies have almost doubled this year', Business Insider, viewed 21 February, <https://www.businessinsider.com.au/serious-cyber-attacks-attacks-against-australian-companies-have-almost-doubled-this-year-2018-6>.
4 Braue, D 2017, 'Ignorant of cybersecurity risk, breached small businesses are concealing the cost of recovery', CSO, viewed 21 February, <https://www.cso.com.au/article/616882/ignorant-cybersecurity-risk-breached-small-businesses-concealing-cost-recovery/>.
5 Pash, C 2018, 'Serious cyber attacks against Australian companies have almost doubled this year', Business Insider, viewed 21 February, <https://www.businessinsider.com.au/serious-cyber-attacks-attacks-against-australian-companies-have-almost-doubled-this-year-2018-6>.
6 CSIRO 2018, Cyber Security: A roadmap to enable growth opportunities for Australia.
Article – 4mins 30secs read
Australia is trailing behind its global counterparts in digital skills at a time when these capabilities are becoming increasingly important as businesses transition to smart offices. We look at how RMIT’s simulated Digital Office is helping students build these skills and prepare them for the future of work.
Article – 4min read
Voice-activated digital assistants like Samantha from Her might not be as far away as you think, and soon they might even be implemented into your workplace to optimise business performance.
Article – 7min read
There have been a lot of reports in the news lately about how many jobs automation will replace over the coming years. However, these only tell part of the story, with automation also predicted to create a number of new job opportunities with more fulfilling tasks for employees.