With the Federal Government announcing a new national cyber office and an overhaul of Australia’s cyber law, cyber security continues to be a top issue for business and industry.
According to the Australian Cyber Security Centre’s Annual Cyber Security report, the average cost of cybercrime to Australian businesses has risen by 14 per cent from FY21 to FY22, and can cost $39,000 to small business, $88,000 to medium business, and over $62,000 to large business per incident.1
The difficult aspect of managing cybercrime is that it changes day to day, with cyber criminals quickly adapting to evade detection and be more effective.
Andrew Pade, General Manager, Cyber Defence Operations for CommBank, says that it’s no longer an issue of businesses achieving secure status, but of maintaining security in their business day to day to limit catastrophic cyber-attacks.
“It’s not if your business will face a cyber-attack, but when. So, measures need to be in place, and constantly checked and adjusted to mitigate the constantly changing nature of cyber-crime.
“Think about cyber security risk in the same way you think about risk in every other part of your business and lives – what are the vulnerabilities, what could happen if those vulnerabilities are realised, and how can they be avoided or reduced?” Andrew says.
For businesses, he adds, there are several things to consider to ensure you are being cyber safe:
- Prioritise security the same way you prioritise insurance and other costs that secure your business. It’s less expensive to prevent an attack than recover from one.
- Make cyber awareness part of business-as-usual. There are free resources to do that starting with the Australian Cyber Security Centre and their Essential 8 Framework2, or CommBank’s Cyber Security information page.
- Keep your systems up to date. Get the latest versions of productivity tools like Microsoft Office that have multi-factor authentication and password security built in, get technical assessments of your systems to find potential vulnerabilities and resolve or patch them, and automate as much of this as possible.
Andrew notes that businesses need to think not only about their own internal measures, but also about the measures they use externally when dealing with customers and clients.
“Cyber security only works if we all work as a team. We are here to not only protect your business, but protect your customers and their business as well.”
When working with external customers and clients:
- Consider scams and fraud when you design and deliver communications. Set expectations on how your business asks for or shares information to help customers spot scams.
- Review how you secure and manage personal information. Businesses are subject to penalties in the event of a data breach. Look at the systems you’re using and governance practices for storing and sharing this sensitive information.
Andrew says that CommBank is constantly working with customers to help mitigate their risk from cyber-attacks. “Cyber security is changing, and is often not a ‘buy off the shelf’ solution, but involves working collaboratively and innovatively to prepare for attacks and combat them when they arise,” he says.
“You can think you have every type of system and process for security in place, but often it’s those working right at the coalface with sensitive information that can be the target, so the safeguards are important, but so is consistent education with staff on how they handle data and where the risks may be.”
“The Federal Government’s renewed focus on cyber security is critical to ensure we’re all equipped to deal with a cyber-attack; from government policy to industry involvement, and right down to working with those dealing with personal and sensitive information each and every day. We need to ensure we’re constantly on the front foot, no matter where the risk is coming from.”