With the recent high-profile data breaches shining a spotlight on cybersecurity in Australia over the past few months, the latest study from Palo Alto Networks shows these attacks on companies have left 70% of Aussies feeling less confident in their cybersecurity protection than 12 months ago, with two in five now expecting to suffer a cyber breach in 2023.
Hence, it is now more important than ever for firms and individuals to be as well prepared as they can be in the event of a cyber threat. In 2023, education and awareness of our digital safety and well-being are as critical as ever to help businesses become more cyber-savvy.
Cyber breaches can have a huge impact not only on an organisation itself but can also cause a ripple effect on its employees, stakeholders, and end-users. The cyber challenges businesses face are widely known, and many of them centre on human and organisational issues. The human aspect of cyber security awareness is a complex issue, and one that cyber adversaries look to exploit through everything from scam attacks to the spreading of malware such as ransomware.
How can firms best prepare teams for attacks in 2023?
With this in mind, it is clear that cyber attacks have the ability to affect everyone – from board members to small-medium enterprises to employees. Here are some top tips on how firms can best prepare their teams for a cyber attack in 2023, no matter what role you play within a firm, as every stakeholder has the ability to manage cyber threats accordingly.
Board Members and Company Directors
Even though board members and directors may not have a tech background, they still need to manage growing cyber threats effectively. Palo Alto Networks’ study found that half of Aussies think board directors or C-suite execs should be liable for their companies suffering a cyber attack – and to further this, 67% believe leaders should face fines and jail time where they have not taken reasonable steps to protect personally identifiable information.
Cybersecurity is an ever-changing and increasing risk to all organisations of all sizes, so leaders at this level must be astute to the impact of cyber threats to their organisation.
Company Directors should inform themselves about particular subject matters to the extent they believe is appropriate – cyber literacy should be treated the same as financial literacy, and cyber risk managed like any other risk the firm has to manage. There can be large consequences for failing to do so, not just at an individual director level but also at an organisation level.
Cyber risk management shouldn’t be in place for ‘if’ it happens, but as a matter of ‘when’ it will happen. To best prepare for an uncertain future, members of a board and directors should implement a risk management strategy in order to identify and manage cyber risks.
This can include knowing the critical questions that non-technical directors need to ask their execs, but more importantly, being aware of new requirements like those under the Security of Critical Infrastructure Act 2018. Being aware of government requirements is essential for any top leader in a firm, as practices need to be filtered down and understood by the entire company.
SME Business Owners
Small to medium-sized enterprises (SMEs) make up the majority (98%) of Australia’s entire business landscape. And in recent years this segment has become increasingly exploited due to vulnerabilities in their security postures. This is typically due to the lack of knowledge, resources and skills within this group to develop a threat-prevention strategy.
As owners, operators, and managers of a small business or start-up, it’s critical to learn cybersecurity fundamentals around protecting customer data, avoiding financial loss, and ultimately mitigating reputational damage. Most importantly, you don’t need a technical background or a generous budget to achieve a robust security posture.
SMEs should prioritise embedding a safety-first culture within the business, with key steps in place to manage a cyber incident. This can be done by following these steps:
- Assessing potential risks – Business owners should identify, measure and evaluate risks. This can include looking into sensitive data or intellectual property, technology systems and processes, employees, contractors, and customers.
- Build Resilience – Detect and manage threats, plan your incident response, test your systems, and enhance your cyber resilience.
- Develop a defence plan – Adopt a plan to strengthen cyber security with practices, behaviours, and technical solutions best suited to your business. This plan should be regularly reviewed and updated.
- Create awareness – Creating awareness among employees to build a cyber security culture is critical. This could be done by developing a program that ensures their knowledge of cyber security is current and that they are aware of what to look for if an attack were to happen.
Decision-Makers and IT Professionals
With 44% believing that frontline tech workers should be held responsible for a cyber attack, according to Palo Alto Networks research, it is essential to create awareness and provide education on cyber security in order to create a safe workspace for your employees.
In many firms, it can be an issue that some employees don’t truly understand the risk of cyber security threats. Though it may not be relevant to their everyday work, with so many bad actors focusing on manipulating the end-user, it’s important for all users to stay aware.
This is why employees should receive regular training on identifying suspicious activity and be encouraged to speak up and report suspicious signs. In addition to regular training, employees need to see cyber security prioritised in order to maintain proper security hygiene.
We have seen many firms incorporate cybersecurity as part of their workplace curriculum and regularly test the effectiveness of that training. An example of this could be phishing email testing. To make cybersecurity training engaging for employees, firms can reward individuals who identify all phishing attempts and report them to the firm’s security operations team.
These simple measures can go a long way to creating a security culture and environment where people feel comfortable coming forward if and when they may click on that link.
Everyone has the right to feel safe and secure online. Yet today, no individual or business is ever truly safe from the threat of a cyberattack. Whether it’s how to prevent a sophisticated ransomware attack on a small business or how to avoid a seemingly simple phishing attack, education is key to protecting our digital identities and business assets online.
Steve Manley is the Regional Vice President for Australia / New Zealand at Palo Alto Networks.