16th November, 2014

Cyber risks shift from internal to external

A recent study from Ernst and Young (EY) has suggested that the main risks for Australian cybersecurity is shifting, with an increasing number of companies reporting emerging risks from outside the company.

While internal cyberattacks ranked highly in the study, there has been significant growth in the danger posed by those outside a company. Employees remain the leading cyberthreat, according to 57 per cent of respondents, but the next most likely source of an attack is criminal syndicates (53 per cent).

Other major external threats included hacktivists and lone wolf hackers – with these representing the third and fourth most likely original sources for cybercrime. With these attacks also becoming more costly, organisations need to find the right solution to this risk.

Faced with these threats, companies need to have the right approach. To help, here are two of the main ways that companies can ensure they are safe from cyberattacks.

Develop the right security process

Building a strong cybersecurity approach is incredibly important for businesses, with even small companies needing to take steps to prevent these attacks from interrupting their operations.

EY suggest that the first step is to define the boundaries of your company’s cyber presence, taking into account the extent of company processes that are stored online and the value of this data.

Once you have identified what is at risk and which data is the most valuable, it is possible to implement a cyber security programme that is structured around these different processes.

Have the right governance in place

Just as important as having the right security systems in place is having the right systems in place across an organisation.

Management within a company is often the best place to start. Cybersecurity requires a commitment from senior leaders to contribute towards protecting a business. Having policies and procedures in place can ensure that the risk of cyberattacks is minimised and that an emergency plan is in place in case an attack does occur.

Another option is to ensure that your company has the right insurance in place. Including cyber security protection within your business insurance policy can ensure that any significant interruption or financial loss can be claimed following an attack.

By taking these steps, companies can be sure they are not at risk, either from individuals within their organisation, or from cyber attacks that are originating from outside the business.

Author: Murray Bruce