According to industry best practice guidance in Australian Cyber Security Centre’s Essential Eight, a business's first step is to identify: what systems to protect, what information is likely to be targeted and how much protection is required.
Who is at risk? Every business is a target. Mid-sized businesses are particularly vulnerable as they are wealthy enough to be attractive without equal resources of large corporations to invest in defense.
What is the threat and potential cost to business? In IBM Security-Ponemon Institute Cost of Data Breach 2019 global report, a data breach in the last year cost on average $US3.92m ($A5.67m) and involved 25,575 records. In this study, mid-sized businesses were found to feel the effects of a breach much more sharply with average losses of more than $US2.5m ($A3.62m) on average.
When should you undertake cybersecurity reviews? If it hasn’t been done in your business, as soon as possible! A proactive approach to cybersecurity helps to prevent or contain the damage of a breach. Reviews should occur at a regular interval that is most appropriate for your business. It is best to begin with a health check or maturity review then conduct technical testing to plug any obvious gaps. With the knowledge acquired from these two assessments, you can build out a program of improvement that includes regular review intervals.
Where are you vulnerable? As noted in our UK cybersecurity report, vulnerability can stem from something as simple as not getting the basics right, such as using robust passwords. The most common causes of vulnerability are: supply chain, over-reliance on software, employees’ lack of understanding of their responsibilities and roles in cybersecurity.
How you can protect yourself? Unfortunately, there is not a single solution or software to solve this. Consideration and planning for optimal protection needs to address:
- People – educated staff
- Process – robust, appropriate approvals and safeguards
- Suppliers – a thorough understanding of what are they doing from a security perspective
- Technology – designed, configured, tested, implemented and kept up to date
How we can help? Our ultimate objective is to help you prepare and protect your business against cyber risk. We provide detailed, actionable insight that incorporates industry best practice and standards so you can strengthen your cybersecurity position and make better informed commercial decisions.
So what does that actually mean in practical terms? We work with you to understand your current cybersecurity state, detect threats and implement robust defences. We train you to prepare and deal with incidents and provide technical support. Should a breach occur, in addition to the financial and reputational aspects, we help you limit the damage, establish what went wrong, resolve the situation and then work together to prevent a reoccurrence.