PwC’s annual CEO survey, released in March, found that 95 per cent of Australian CEOs view cyber threats as the top threat to growth, compared to 85 per cent globally. In previous years, CEOs were far more concerned about issues such as over-regulation and skills shortages.
In fact, back in 2015 only 61 per cent of CEOs globally were concerned about cyber threats affecting their growth.
Driving this change in attitude is a better understanding of the stakes. Data is central to decision-making in the business, so as well as the reputational damage of a breach, an attack on your data can hamper operations well beyond outages, already a costly enough experience.
There’s also the drastic shift in the nature of cyber crime in the past few years. A confluence of factors set the stage for a ransomware explosion. As well as the geopolitical climate that made ransomware an attractive form of attack, you no longer need any technical knowledge to execute one — there are even organisations who will do it for you for a fee. And with the anonymity of cryptocurrency, getting paid is easier too. Thanks to the aforementioned importance of data, organisations are willing to pay larger sums of money than risk not being able to recover their data, so it’s not only easier to get paid, but more lucrative.
Working from home has also made many more vulnerable. This shift removed some of the protections of the office environment, and it also accelerated the blurring between personal and work devices, especially with mobile apps.
According to the Australian Cyber Security Centre (ACSC), a cyber crime is now reported every eight minutes in Australia, a 13 per cent increase in the past year.
More than a wall
If all of that wasn’t enough to demand C-Suite attention, looming legislation might. Amendments to the Critical Infrastructure Bill that is expected to be debated by the Senate this month will not only expand the range of organisations considered critical infrastructure but will introduce cyber security obligations. It also allows the Federal Government’s Australian Signals Directorate or ACSC to take control of a company’s systems after a cyber attack as “a last resort”.
Given the modern face of cyber attacks and the need to support the confidentiality, availability and integrity of data, the strategies and solutions needed to protect systems need to change. Cyber security is vital, but given an attack is more likely to be a matter of when, not if, we need to think of this in terms of one arm of a three-prong approach, that links cyber resilience and cyber recovery with it.
Instead of trying to throw a fence around a perimeter that is ever expanding thanks not just to hybrid work but edge computing, multi-cloud environments and IoT, you need an approach that secures what needs protecting most inside the organisation.
The first step is reducing the business risk of lost data from cyber attacks by the physical and logical separation of critical data from the environments at risk. Next is to modernise data protection with intelligent and automated cyber recovery that uses multiple layers of security and controls to protect data against destruction, deletion, or alteration. This creates an environment where you can use machine learning to efficiently recover “known good” data and resume business operations faster in the case of a cyber attack.
As the stakes associated with, and volume of threats, from cyber attacks grow, you need to rethink the solutions and services you use to ensure the highest levels of protection, integrity and confidentiality for your most valuable data and critical business systems. Quick recovery after a disruptive event is a critical step in resuming normal business operations.
Angela Fox is Senior Vice President and Managing Director of Dell Technologies Australia and New Zealand.