This comes after the recent cyber-attacks across hospitals and aged care facilities.
Australian businesses have never been at a higher risk of having their operations disrupted and data stolen by criminals or state-sponsored actors after recent Australian healthcare and aged care providers were hit by cyber-attacks in recent days.
According to the Australian Cyber Security Centre (ACSC), between July 1, 2019 and June 30, 2020, the ACSC responded to 2,266 cyber security incidents and received 59,806 cyber-crime reports.
While fraud is the most common category, the ACSC acknowledges ransomware attacks on both large and small businesses as the highest threat.
Garth Sperring, Network and Security Practice Lead at Nexon Asia Pacific (Nexon), said the threats to Australia’s businesses are on the rise, yet most don’t have a cyber security strategy or resilience to recover quickly from a cyber-attack. This has left businesses extremely vulnerable.
“Cyber-attacks and security breaches are no longer only targeting big businesses and government departments or utilities – every business is fair game,” Mr Sperring said.
Businesses that do have dedicated IT security teams are most at risk of being exploited or held to ransom, according to Mr Sperring.
This was following recent comments by Assistant Minister for Defence Andrew Hastie who stated, “we need to start thinking about cyber as a battlefield”.
“Australian businesses are more aware now of their vulnerabilities and they’re looking to protect themselves, but the truth is most are not doing enough when it comes to protecting themselves from the growing number of threats and intrusions,” Mr Sperring said.
“A strong cyber security strategy is essential, and the building blocks for this are planning ahead and having a response plan in place should the worst happen. It’s encouraging to see that large healthcare providers have the necessary plans in place to engage external technical and forensic advisors as soon as they became aware of the incident.”
Businesses are advised to review their existing policies and processes for when something happens, as well as knowing who their response team is in the event of a breach and how to contact them can help mitigate these threats and ensure business continuity.
Nexon has invested in the people, processes and technology to help organisations successful combat cyber actors by deploying pre-empt, prevent, detect and respond measures.
Nexon has seen a large increase in the number of clients leveraging their cyber security training, including Phishing and Awareness training, highlighting an organisational shift in focus to pre-emptive measures compared to previous years.
“Most businesses rely on an IT service provider for backups, endpoint protection, cloud security, network security, detection and response and troubleshooting when anything goes wrong,” Mr Sperring said.
“Some businesses don’t have the budget for in-house security specialist and aren’t able to provide a comprehensive security monitoring solution. In many cases they would not even know if they were hacked or have the security experience to deal with the situation if the worst happens.”
He said all businesses should have a cyber insurance policy, as part of an overall risk management strategy, to help recover from any cyber-attacks.
Closing vulnerabilities and identifying the specific security controls required to protect against known attack methods is a great starting point – security is a continuous process and cannot be solved in a once off project.
“Businesses need to remain eternally vigilant to detect and prevent threats, reduce vulnerabilities and maintain visibility and control of their operational environment and data,” added Mr. Sperring.