It’s easy to blame software vulnerabilities when reports emerge of yet another organisation falling victim to a cyber-security attack but human error, not insecure systems, continues to cause the majority of incidents.
Heard that cyber-crime and hacking attacks are on the rise and wondering whether your systems and security measures will withstand the assault when it’s your business’s turn to be targeted?
In 2019, Australian organisations of all sizes and stripes are under high tech siege from hackers and cyber-criminals intent on making mischief and money from their illicit access to critical business systems and sensitive personal and commercial data.
Already this year we’ve seen a slew of well-known brands and businesses announce they’ve been hacked or had, or experienced a reportable data privacy breach. They include the likes of Australia Post, Bank of Queensland, Kathmandu and online fashion house Princess Polly.
If their defences can’t withstand the challenge, is it likely ours would do so? is a question which can trouble mid-sized business owners whose cyber-security budgets are more modest than those of these household name organisations.
Homing in on the weakest link
For enterprises which take steps to reduce the threat posed by today’s greatest attack vector, the answer is yes.
I’m not referring to the software programs you use to run your business, although keeping these patched and protected is Cyber-Security 101 stuff.
People, namely your employees and associates, are squarely in the sights of hackers and cyber-criminals and ramping up your human defences is what will see the risk of an incident diminish.
Why is it so? An astonishing 95 per cent of cyber-security incidents kick off with a simple phishing attempt: the dispatch of an email encouraging recipients to click on a link, open a file or take some other form of action which will provide the sender with an ‘in’.
A decade or two ago, these gambits tended to be crude affairs; poorly written and sent scattergun style, with the hope one recipient in a thousand or 10,000 might take the bait.
No longer. Just as marketers have learnt that one-size-fits-all direct mail-outs are an inefficient means of attracting new customers, hackers and cyber-criminals have clocked the fact that a personalised missive is far more likely to hit its mark.
Accordingly, they’ve refined their approach and now put time and effort into researching their targets, and the organisations they work for, in order to craft credible messages which increase the likelihood of a click.
The proliferation of social media makes it easy for them to do so. Many Australians place a great deal of information about their business and personal lives on LinkedIn, Facebook and other platforms. All too often it’s open to all and can be used by the ill-intentioned to build detailed profiles of the individuals they plan to home in on.
Some hackers head straight for the top, targeting or impersonating senior decision makers in a bid to get access to sensitive data or to trick their colleagues into conducting unauthorised transactions at their purported say so.
Turning potential victims into cyber-sentinels
Education is the key to turning employees at all levels of the enterprise into cyber-security sentinels whose vigilance will ensure attempts to gain illicit access or advantage come to naught.
Regular awareness raising courses work well, particularly if the messages they impart are augmented by in-the-moment training for employees who’ve let their guard down.
A software program which alerts users to the fact they’ve clicked on a suspicious link and redirects them to an educational cyber-security game can reinforce the rules of safe email engagement far more effectively than a newsletter or memo.
Creating a culture of openness which encourages employees to question unusual requests, regardless of whether they emanate from a co-worker’s email account or the C- Suite, is also critical.
Many’s the spoof email or message from a compromised address demanding funds be remitted or data released that’s been headed off at the pass by a sharp-eyed recipient comfortable and confident enough to question whether the request is on the level.
Educating management about the need to improve the organisation’s cyber-security posture and encouraging employees to share stories about hacking and cyber-crime can reinforce the message that cyber-security is everyone’s business and responsibility.
Time to act
In 2019, the threat posed by hacking, cyber-crime and data breaches is real and rising and Australian organisations of all stripes ignore it at their peril. An incident can be disruptive and expensive – and damaging to your enterprise’s reputation in the longer term, particularly if customer data is compromised.
Utilising the latest tools and technologies to protect your core systems and enlisting the support of employees at all levels will see you best placed to flag and fight high-tech foe.
Mark Sinclair, ANZ Regional Director, WatchGuard Technologies