Expert-led tax essentials delivering practical insights and strategic foresight. Learn more.
It’s manual work, producing a tangible product. Not the first company you would expect to be a cyber attack target. Might not have even made a top 100 target list. However, in June 2021, JBS USA was shut down by a sophisticated cyber attack from an organised cybercrime syndicate.
The breach impacted more than the USA, with processing plants across the world, including Australia, shut down while global IT experts got to work to resolve the problem. Employees, retailers, shareholders and customers all had to wait in the dark to find out when operations would be up and running again.
In the end, JBS USA paid AU$14m in bitcoin ransom to decrypt their systems or stop their data from being released without their permission. JBS said this was a hedge against risk to its customers – although that’s quite a risk to take when your data is already in the hands of criminals and the horse has well and truly bolted. Not all ransoms paid end this way.
Now, as a business, JBS has invested a lot in technology and automation of their systems. As a global organisation, they have an extensive digital footprint. While I don’t know exactly what systems they did have in place, I think it is safe to assume that they have processes in place to protect against cyber breaches.
However, there are questions that can be posed in light of the breach that can be applied to any business before a cyber event occurs. How often is the cyber strategy reviewed? Had the IT team rolled out improvements that created new vulnerabilities? As the company grew and made acquisitions, did they conduct cyber due diligence or incorporate new businesses into the cyber fold? With the benefit of hindsight, what would the company do differently?
Cyber is an expensive business. Talking to clients and Boards, we know that this is sometimes a barrier, particularly for companies that don’t see the inherent value in their data, clients or IP. That cost is of course compounded hugely if your business experiences a hack or data breach – with latest figures suggested the average breach costs AU$3.35m in 2020.
Some questions for Boards and executives to consider are:
We are likely to see more cyber crime, more hacks and more ransoms in future – not less. More sophisticated criminals, and more vulnerabilities as companies invest in more tech. Ask yourself if your company truly understands your risks and has the appropriate protections in place to prevent your business from paying well above the odds for lack of preparedness.
There is a whole economy on the dark web built upon your stolen data – with an economic cost of approximately US$5t worldwide and US$1b in Australia alone.
Though ransomware is not new in the cybersecurity space, its implications can have substantial impact on businesses.
According to industry best practice guidance in Australian Cyber Security Centre’s Essential Eight, a business's first step is to identify: what systems to protect, what information is likely to be targeted and how much protection is required.
The 25 September Facebook data breach, suspected to have impacted around 90m user accounts is a wakeup call for social media users and the technology sector.
