Author
Claudia Nelson – with insight from Terra Firma’s Lead Cyber Security Consultant Sanjay Verma
Based on the latest assessment from the Australian Cyber Security Centre (ACSC), local Australian businesses faced losses of more than $33bn last financial year from cybercrime. [1]
There is no denying that cyber security has become a top priority for all businesses and a challenge no business can ignore.
What does this mean for Australian businesses and Australian consumers?
Organisations are very well aware of the cyber security challenges they are facing. However, Senior Management and Operational Leaders reveal that their organisations can find it challenging to set themselves up to effectively face cyber security challenges. Furthermore, organisations face an environment of uncertainty, with budgets being limited after long periods of Covid-19 lockdowns.
Cyber security – an IT enhancement or business initiative?
Cyber security is often understood as part of the Information Technology function of a business. However, cyber security expands beyond Information Technology. Cyber security forms part of an organisation’s corporate culture, its governance and framework and its day-to-day processes – and most importantly – it forms part of how the people act and cooperate. In an ideal state, cyber security becomes business as usual (BAU) and part of the daily way of working.
Harvard Business Review’s (HBR) view is that “the best security solutions are built-in, not bolted on. This means giving employees guideposts to facilitate their decision-making without stifling their productivity and trusting them to succeed […] the goal is bigger than the tool: The point is to seamlessly integrate security into workflow processes without imposing new hurdles.” [2]
In today’s digital world, traditional security measures like firewalls, DLP and malware products are fine, but now is the time for organisations to move forward from that and use context-aware behavioural analytics along with defence-in-depth approaches, cloud computing and multi-layer Access, Authorisation and Auditing (AAA).
Emerging technologies like the Internet of Things (IoT), Artificial Intelligence (AI) and Autonomous Vehicles (AV) pose a cyber threat in today’s world. On the other hand, these emerging technologies are changing the way organisations operate. Modern cyber security systems are applying new technologies like AI to further enhance the cyber security environment for organisations. By leveraging big data and learning the usage patterns of different users, emerging cyber security systems are now providing unprecedented benefits to organisations.
Cyber Security and Digital Strategy
In the development of a digital strategy, building a strong IT and cyber security foundation is crucial. A robust cyber security framework is important for a secure operating and digital strategy environment.
It is not only about the organisation’s capability and secure IT framework – the customer is at the centre of decision-making. Data privacy and protection are top of mind for customers. Actively managing data and cyber security is crucial for organisations to protect customer data and to gain and maintain trust. Consideration and inclusion of these factors inform a strong digital strategy and cyber security framework, which is vital to all organisations irrespective of their industry sector or geographical locations.
What are the recommended actions and plans?
The key focus for developing and maintaining a strong and effective cyber security framework is building trust. Taking small steps is important to lead toward a larger goal. These steps are scalable, practical, and future-oriented, which is crucial for every expanding and flexible organisation.
Appreciating the importance of using all the work and material the organisation has already created is key and forms a significant basis for developing a robust cyber security framework. There is no benefit in ‘re-inventing the wheel’. The objective is to build a customised model upon what already exists and work with the entire organisation to expand this work. The aim is to build and develop a mature and robust cyber security foundation and long-term program, which forms part of an organisation’s corporate culture.
But most importantly, understanding that this is an ongoing journey and a customised model based on the individual organisation’s needs is key to success. There is no ‘one size fits all’ approach, especially not in the short term. Close cooperation and a peer-to-peer approach with an organisation will lead to a strong relationship built on trust.
How can Terra Firma actively support your organisation?
Terra Firma aims to be the Trusted Advisor and long-term partner working very closely with client organisations and their teams. The aim is to be the current and long-term cooperation partner – and not ‘just’ a Consultancy with a short-term view on engagement and deliverables. Cyber security requires a long-term, transparent program with the aim to embrace cyber security on a long-term journey.
As a first step, Terra Firma suggests working closely with clients to develop a ‘bespoke’ Health Check Assessment tailored to the organisation’s risk profile while still meeting the broader security governance, operations, and assurance requirements. The Health Check Assessment answers the burning questions that senior management needs to understand to wisely spend their budget and resource efforts.
Cyber security cannot just be an assessment or a project that a business conducts once every year. Cyber security forms part of the way an organisation does things, becoming a crucial part of an organisation’s corporate culture.
Sources
1. www.itnews.com.au/digitalnation/news/australian-organisations-report-33b-loss-from-cybercrime-574487 (published 10/01/22)
2. Harvard Business Review (HBR) – Cybersecurity is not (just) a tech problem (2021), https://hbr.org/2021/01/cybersecurity-is-not-just-a-tech-problem