New report reveals 68 per cent of businesses are vulnerable to a cybersecurity attack
36 per cent of employees fear their organisation is at risk of financial losses through cyber attacks
32 per cent feared loss of intellectual property
47 per cent say they need people who are trained to identify threats
In the last year, there has been a 60 per cent increase in ransomware attacks against Australian businesses. Now, a new report from a global risk management solutions provider reveals 68 per cent of Australian employees believe the organisation they work for is vulnerable to an attack.
The findings come from the 2021 Australian Business Assurance Report by SAI Global, a global leader in risk management solutions through its standards, assurance, and training offerings, based on a survey of 328 Australian employees.
Stephen Weekley, global cybersecurity expert at SAI Global, believes the COVID-19 crisis caused a dramatic shift in the way we work, exposing businesses to a greater range of risks than ever before.
"Government restrictions forced many businesses to rapidly adapt to remote working models which, in turn, created a range of challenges for corporate cybersecurity," Weekley said.
"The use of home WiFi networks, virtual meetings held on video conferencing platforms, and some employees having to use their own unprotected devices left companies vulnerable to an attack."
The survey also found that employees from smaller organisations felt less vulnerable to a cybersecurity attack: 65 per cent of those who worked for a business with under 100 employees felt vulnerable, compared with 77 per cent of those whose business had more than 501 employees.
The myth that only larger businesses are the target of cyber attacks can lead to a false sense of security for small and medium-sized businesses. Approximately 144 reports of cybercrime relating to small businesses were made every day to the Australian Cyber Security Centre in 2019, costing small businesses an estimated $300 million per year.
SAI Global's research highlighted the biggest fears plaguing Australian organisations when a cyber attack takes place. More than a third (36 per cent) of employees cited the financial losses that would occur as their biggest fear and 32 per cent said they feared the loss of intellectual property. While 18 per cent fear the loss of reputation and trust in their brand, only 7 per cent of businesses worry that they would lose customers.
To mitigate the risk of cybersecurity attacks, 47 per cent of employees say their organisation needs to ensure all staff are trained to identify and raise potential threats, while only 33 per cent say they need to ensure that cybersecurity skills and knowledge are retained within the organisation.
Employees also believe their organisation needs to improve its systems and processes to avoid a cybersecurity attack: 30 per cent agree their organisation requires better processes to protect confidential information and better information security systems. Just 16 per cent of employees believe their organisation needs to have a cybersecurity insurance policy in place to help mitigate the risk of an attack.
"Across the board, cyber attacks are becoming more common and sophisticated – from email phishing scams and hacktivists (hackers fighting for social and political issues) to data fraud involving disgruntled employees, and attacks on users of video conferencing services, both through data theft and unapproved access to virtual meetings," Weekley said.
"As cybersecurity remains one of the biggest risks to an organisation, management and leadership need to ensure there are systems and processes in place to protect their organisation against attacks, and that employees are aware of the organisation's cybersecurity efforts, along with potential risks, and receive proper training.
"Not only can cyber attacks compromise an organisation financially, but they put confidential and important information at risk, including private customer data. Businesses would be wise to undertake a comprehensive audit of their systems and processes to identify possible threats and vulnerabilities. It is also imperative for organisations to implement an information security management system compliant with ISO 27001. This can be a critical safeguard against cyber risks, as it provides a framework for organisations to protect against data breaches and ensure the confidentiality, integrity, and availability of information."
When designing and optimising a cybersecurity strategy, businesses can look to adopt standards and certify their information security management system. ISO 27001 provides a practical framework to help businesses identify and manage potential cybersecurity risks, continually improve controls to help safeguard the organisation against a potential cyberattack and fuel a culture of cybersecurity awareness - with everyone in the organisation taking an alert-but-not-alarmed position. Being ISO certified can provide an immediate boost to your organisation’s credibility and reputation, as well as a competitive edge. Not only does ISO 27001 align with global practices, it also meets DISP requirements for ICT security.
For more information on how organisations can strengthen their cybersecurity strategy with ISO 27001, visit SAI Global at saiassurance.com.au/iso-27001.