By understanding the cyber threat landscape, the opportunities that a cyber criminal may look for, and how they go about exploiting an identified vulnerability, organisations can address potential risks and empower their business to succeed by securely taking advantage of the opportunity technology presents.
Governments globally have recognised the increasing risks associated with a cyber attack and are introducing or amending existing regulations so that essential services are better protected. Many organisations are looking to enhance their security capability in response to the increased volume and sophistication of cyber-attacks. According to the Australian Cyber Security Centre Annual Cyber Threat Report July 2021 - June 2022, Australia saw an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale.
Creating a sense of shared responsibility facilitated through clear communication across security, technology teams, the business and key partners can help empower business leaders to make informed decisions about balancing operational benefits and risk implications. Cyber security is ultimately a business issue and requires focus from everyone in an organisation.
Cyber security can be perceived as overly complex, but many risks can be reduced simply by improving the basics.
Keeping systems and applications up to date (patching), validating that working and secure backups are in place, allowing only authorised people access to information and systems, and retaining information in alignment with policies and legal requirements are all important. So are testing your cyber incident response and business continuity plans, and educating teams on cyber risks and their role in protecting the organisation.
Modernising general security capability and increasing the use of cloud computing with the right controls can also help improve businesses’ cyber security position.
As hybrid work environments become the new norm, there is also a need for organisations to equip employees with the knowledge, tools and mindset to work safely, and share information securely. To build a cyber resilient business, it is not only critical to focus on identifying and protecting against cyber risks to key systems, people, assets, data, and capabilities. It is equally important to implement processes that support the timely identification of cyber security anomalies and events, and establish capabilities to respond to and recover from cyber attacks.
SIMPLE, ACTIONABLE TIPS AND INFORMATION
BUILD A HUMAN FIREWALL
Employees can be an organisation’s most important defence in blocking cyber threats, and as more people work remotely, having vigilant and well-prepared employees who can identify and act on cyber threats becomes increasingly important.
At a time when working from home has become the new norm, it’s never been more important to work securely and maintain visibility over how corporate and customer information is used, stored and shared. So how can you protect your business, people, information, and family when working from home?
MAKE A P.A.C.T
- PAUSE before sharing information: Ask your employees to always think first before sharing sensitive information. And help them understand what is sensitive.
- ACTIVATE multi-factor authentication (MFA): Turn on MFA for important tools such as remote access systems and resources (including cloud services).
- CALL OUT suspicious messages: Let employees know what to do if their device is lost or stolen, or they observe anything suspicious.
- TURN ON automatic updates: Ensure systems including phones, laptops, servers, virtual private networks and firewalls are updated with the most recent security patches.
AVOIDING BUSINESS EMAIL COMPROMISE
Given the sheer volume of emails, text messages, instant messages and social media messages we all send and receive, it’s not surprising we tend to act on things straight away, and sometimes overlook inconsistencies in correspondence.
Preventative and protective measures are simple, cost effective and immediately beneficial. ACSC is encouraging all Australian individuals and businesses to strengthen their email security by taking the following steps:
- Set secure passphrases for each email account.
- Set up multi-factor authentication.
- Exercise caution when opening attachments or links.
- Think critically before actioning requests for money or sensitive information.
- Businesses should establish clear processes for employees to verify and validate requests for payment and sensitive information, such as:
  - Seeking supplier confirmation by phone rather than email if you receive a change of banking details from a supplier.
  - Requesting two authorisations for payments to create an extra level of security, particularly for large transactions or those that are sensitive or urgent.
  - Reviewing how you update supplier details, making sure employees are aware of the new or updated policies.
Although organisations can’t control what emails are sent by cyber criminals, they can introduce education programs to help staff recognise and report a range of suspicious emails – including Business Email Compromise. There are also many security tools available to detect a proportion of malicious emails, providing another control layer to your organisation’s security capability.