Cybersecurity is the preservation of confidentiality, integrity and availability (CIA) of all electronic information (digital assets) in the cyberspace.
Cyberattacks, including the hacking of business websites and computer systems, are becoming increasingly common. These attacks can be extremely damaging to businesses, particularly if security is breached and confidential business and personal data becomes compromised. Cyberattacks, and the resulting security breaches, are part of a rapidly expanding international cyberthreat that costs companies and taxpayers billions of dollars each year in lost information and downtime, impacting staff productivity and the bottom line.
In the current local media, we have observed the fallout of thousands, if not millions, of records breached by an Australian software-as-a-service vendor that has provided human resources (HR) software to many well-known companies and government agencies. This one breach has the recruitment industry standing up and taking note. The threat of losing clients, ensuing lawsuits, along with the significant reputational damage, is real and may result in this company suffering huge losses, with a real potential that it may have to cease trading.
All company executives and the leadership teams are under increasing pressure to prevent these attacks and must act immediately to contain any damage once an attack occurs.
A cyberattack, as most readers will be aware, is an attack initiated from a computer against a website, computer system or individual computer that compromises the confidentiality, integrity or availability of the computer, or information stored on it. Cyberattacks take many forms, including:
- unauthorised use of a computer system for processing or storing data
- installation of viruses or malicious code (malware) on a computer system
- gaining, or attempting to gain, unauthorised access to a computer system or its data
- inappropriate use of computer systems by employees, former employees, or agency staff
- unwanted disruption or denial-of-service attacks, including the takedown of entire websites
- changes to the characteristics of a computer system’s hardware, firmware or software without the owner’s knowledge, instruction or consent
The procedures for investigating and responding to a cyberattack usually depend on the nature of the attack itself and how prepared an organisation is for such an attack. The response taken by the business will depend on the maturity, awareness and senior leadership endorsement for cybersecurity.
Conducting a cyber resilience assessment has many benefits and may enable:
- continuity of critical business process
- informed cybersecurity decisions to be made
- identification of vulnerabilities and mitigation of risks
- alignment of cybersecurity with the business plan
- compliance with regulatory, legal and compliance obligations
- understanding of the effectiveness of the organisation’s cybersecurity program
- development of strategy and budgets for future business plans and objectives
- recognition if the business is already compromised
- identification of critical supplier dependencies
- improvement of cyber awareness culture
A conversation with your cybersecurity staff or a trusted consultant can commence the journey to becoming more cyber resilient, with the first step progressing through an essential cyber resilient assessment that determines what is already in place to protect your digital assets.