How companies can strengthen their weakest link in defence against cyber attacks

October 31, 2019

Cyberattacks are growing at an exponential rate.

According to the Privacy Rights Clearinghouse, 1.3 billion data records were compromised in 2018. And each breach comes with significant financial risk. The average cost of a breach is increasing every year, with the Ponemon Institute estimating that each incident costs almost USD$4 million.

With the widespread adoption of digital transformation, organisations are increasingly experiencing disruptions that threaten to interrupt operations, damage reputations or compromise intellectual property.

So, what steps can businesses take to better protect themselves, and what role can their people play?

Increasing vulnerabilities

Digital transformation is the new normal. Enterprises are increasingly investing in new IT and operations in an effort to improve their business performance. That investment is expected to see as many as 29 billion connected devices in use around the world by 2022.

It is inevitable that the convergence of cyber and physical systems will expose new attack vectors. In fact, a recent Fortinet study found that, while around two thirds of organisations have begun their digital transformation journey, security issues are having a “somewhat” to “extremely large” impact across the majority (85 per cent) of these businesses.

Telstra’s 2019 Security Report shows that an organisation’s people might be the weakest link in the security chain. Nearly two-thirds of respondents were victims of a security breach in the past year, often caused by inadequate business processes or employees with insufficient understanding of their company’s security posture.

Targeted attacks

Cyber criminals will often specifically target employees based on their lack of understanding when it comes to security best practices. For example, vulnerabilities can come from individuals being specifically targeted by ‘spear phishing’.

This attack involves contacting specific staff members via email or messaging applications, requesting information or insights they hold within the business. The attacker will often send the communications from a legitimate-looking email or chat address, and may request that the unsuspecting victim urgently send company insights, such as financial information or passwords, creating a security vulnerability.

Businesses undertaking digital transformation need to ensure that valuable data is protected. One of the best ways to do this is to ensure all team members receive the latest security training, as well as providing updates and insights regularly to keep staff members educated on security threats and developments.

A focus on education and training

Organisations with formal training programs will likely have fewer incidents and improved security resiliency. Increasing awareness and training for staff will go towards mitigating the consequences of a breach and reducing the potential for business damage.

Telstra’s Disruptive Decision-Making Report reviewed business digital transformation priorities and found that while respondents ranked ‘Protect our digital assets from cyber threats’ as their number one priority, it achieved the lowest performance score for ability to deliver.

This disconnect shows that most companies recognise the importance of cyber security, but currently don’t understand it well enough to manage it effectively.

But the good news is that we are seeing progress towards involving senior members of the company, outside of IT, in security management. According to Telstra’s Security Report, 36 per cent of global respondents indicated that the number of executive and board meetings to discuss these issues, as well as the level of CEO involvement in cyber and electric security, is gradually increasing.

Transforming into a digital workforce requires prioritising more than technology and agility alone; businesses must also ensure there is enough training and education to prepare employees and partners for new business procedures.