A cybersecurity incident affecting your business or organisation in Australia is no longer a matter of if but when. We tend to think that somehow we’re insulated from the biggest cybersecurity incidents here in Australia, but we use the same internet and the same technology that our international counterparts do. So, how big is the threat? What are our risks? How do we protect ourselves?
That will take more than this one post to cover, but I’ll try to paint a picture for you. A recent report by Microsoft has estimated the potential direct economic loss from cybersecurity incidents on Australian businesses could be upward of $29 billion each year. Between fines, legal costs, and remediation, a large Australian business could expect losses of up to $35 million if a breach occurs.
We know that the majority of Australian organisations have already experienced a breach, and to make matters worse, those who haven’t may just not have realised it yet, because many data breaches go unnoticed for months, or in some cases years. The best example of this was the infamous Yahoo breaches in 2013 and 2014, which exposed 1.5 billion accounts. Amazingly, these breaches weren’t actually discovered until three years later, when the user details were offered for sale online.
That level of ignorance can now get you into a lot of trouble when we consider the growing number of regulations that Australian organisations have to contend with. Australia’s Notifiable Data Breach Scheme means organisations are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach occurs.
Since the scheme went live last year, there have been 812 eligible breaches reported to the OAIC. According to their most recent quarterly report, 33% of breaches were attributed to human error, 64% were a result of malicious or criminal attacks, and 3% were due to system faults.
The introduction of the EU’s General Data Protection Regulation (GDPR) could also mean huge fines for a data breach at an Australian business that holds any personal data of EU citizens. The worst offenders will face a maximum $4 million fine or 2% of their annual turnover, whichever is greater.
Inherent in these new regulations is the requirement to report what happened during a data breach, normally within a matter of days of the incident occurring. Given that so many incidents go unnoticed for months or years, this becomes a considerable problem.
Another issue is the fact that so many data breach incidents are the result of either careless or malicious employees. Verizon’s 2018 Data Breach Investigation Report (a global standard in cybersecurity research) revealed that 81% of breaches are caused by weak, reused, or compromised passwords.
Combine that threat with newer and more insidious viruses, malware, and phishing techniques, as well as the growing scourge of DDoS (Distributed Denial of Service) attacks using IoT devices, and there has never been a greater threat. Thankfully, Australian businesses also have access to world-leading cybersecurity tools that use AI and machine learning to spot suspicious behaviour in their network.
Staying one step ahead of the threat has never been more important, and cybersecurity should be a top priority for boards and executive teams, if it isn’t already. By understanding where your organisation faces its greatest risks, you can begin making targeted investments in the tools that will allow you to minimise those risks as far as possible.
About the author
As the Managing Director of Aryon, my team and I are here to reduce the complexity for organisations who want to take advantage of next-generation networks, infrastructure and workforce technology. If you would like to discuss how your organisation can take advantage of new digital networks, infrastructure and technology without the added stress, please feel free to get in touch with me at firstname.lastname@example.org.