How Australian CISOs can translate breaches into better cyber resilience

Australia has been in the firing line, with 2022 breaches hitting household names. Why is this? The ACSC notes that, with the highest median wealth per adult in the world, “Australia’s prosperity is attractive to cybercriminals.” That is concerning given that Australia ranks only 36th for cybersecurity, according to the Digital Quality of Life Index.

Sharks sniff out blood in the water – once data has been exposed, further threats open up. As more sharks circle, it’s vital CISOs know how to translate risk into better cyber resilience.

How can CISOs take action?

Mimecast’s State of Ransomware Readiness Report 2022 revealed 20% of surveyed Aussie firms had sustained 6 or more ransomware attacks in the past year, a higher share than in any other country. There’s no sign of this slowing down. So, what can CISOs do? Some top recommendations from the CISOs of Mimecast’s Customer Advisory Board include:

Focus on getting incident response right

When the response is well considered and planned out, you can protect shareholder value and reassure clients, regulators, and the board. When building a plan, CISOs should review key threats and responses, specify who is responsible for individual tasks or decisions, and manage regulatory concerns. The plan should be signed off by separate departments, including communications, your legal team, and the C-suite, well before a breach happens.

Ensure security fundamentals

Make sure the fundamentals, which entail awareness training, security configurations and patching, are regularly actioned. Although these don’t guarantee 100% security, they will limit the risk of being breached.

While it can be easy to get caught up in the doom and gloom, it’s also worth remembering recent breaches have not been sophisticated. For example, although investigations are ongoing, we know a misconfigured API gave a hacker an easy route in for the Optus breach, and for Medibank, compromised login credentials were used to access files.

Turn insights into hard data

Turn threats and insights into hard data, and convert the data into a compelling narrative that resonates with board members, some of whom may not be as technical. While this means being selective about the metrics shared, it allows the CISO to make cybersecurity be seen as an opportunity rather than just a cost.

Nick Lennon is VP for APAC for cybersecurity and resilience company Mimecast, which takes on cyber disruption for its tens of thousands of customers around the globe. Mimecast helps protect large and small organisations from malicious activity, human error and technology failure, and helps lead the movement toward building a more resilient world.