Author: Tim Valtwies
There are several reasons why the risk of a Cyber incident is such an important issue on the business agenda, as the increasing frequency, scale and impact of successful attacks cannot be underestimated. Australian legislation has been amended to include the Notifiable Data Breaches Scheme and the Government’s response to data privacy has also driven more interest and focus.
Assets
As highlighted at our recent Cyber Security Master class, as Business owners we need to think about the most important assets that your business has. According to Marcus Wong of Fortian, an Australian provider of IT security, privacy and risk services “Your crown jewels could be information on your suppliers, your people, your intellectual property, your professional relationships. It could be your systems, your uptime, your hardware and your infrastructure hardware control systems.” Identifying these assets is the start of being cyber ready.
Cyber risk
Cybercrime is escalating so focus your efforts and resources on high impact events that have a higher likelihood of occurring. You may need to think about offloading some of that risk, and again this depends on your risk appetite and where your business is in its life cycle. As with business processes, you have to assume that some controls will fail but that the rest will hold, so a multi layered defence plan is worth implementing once you have made sense of what really matters to your organisation.
Have a plan
Marcus Wong cites the ASD 8 as a good reference point. Published by the Australian Signals Directorate this recommends eight essential strategies to mitigate cyber security incidents, and why you should consider each of these.
Some more practical tips from the team at Fortian include “Provide security awareness training for your people, log and monitor everything so you can refer to it if needed, have a plan with context for short, medium and long term that includes defence in depth.”
We recommend you approach cyber risk the same way as you approach all the commercial and financial risks that your company faces - have an action plan to reduce and contain it as it can directly impact the value and reputation of your business. The plan must include a response to an event so that your business can be functioning normally again as soon as possible after an event.
