Dr Praveen Gauravaram, Senior Scientist, ANZ, Tata Consultancy Services and Murali Natakam, Head of Cyber Security, ANZ, Tata Consultancy Services, look at how Australian businesses and government bodies are responding to an ever-evolving cyber threat landscape.
Posted: June 2021
New capabilities and the evolution of digital offerings have brought technology to the frontline when it comes to business. Out of necessity and in response to COVID-19, many Australians have turned to online platforms to interact and conduct business. This growing demand for digital-first solutions in Australia was reflected in the May Federal Budget, as well as the growth of online services by industry leaders in telecommunications, retail and finance, among others.
This increasing reliance on digital services and an abundance of sensitive data has created the perfect environment for cybercrime. With the ability to cause critical disruptions to government and industry alike, being able to effectively assess and respond to potential risks can help to protect against financial and reputational losses.
Q: What makes a business vulnerable to cybercrime?
As the role of technology in our personal and professional lives grows, so does the opportunity for cybercriminals to tap into the vast amounts of data being generated each second. The nature of online activity means not only that there are no geographical barriers but also that there is a constant, 24/7 opportunity to launch a cyber-attack. It only takes one missing link in a network to expose a business to a potential threat, whether from a new application that's not secured, malware downloaded by an employee from a phishing email, or a device's connection to unsecured Wi-Fi. Inconsistent security processes are the biggest cause of network infiltration.
2020 was a year of change for many businesses across Australia with the pandemic driving a shift to online services to respond to movement restrictions and the demands from consumers. The reliance on digital services is reflected in the consumer response, with more than 5.2 million households shopping online in April 2020 alone. Meanwhile, according to the Australian Competition and Consumer Commission's (ACCC) Scamwatch, Australians lost a reported USD 176.1 million to scams, up by 23.1% compared to 2019. This upward trajectory reflects both the increasing amount of time Australians are spending online and the volatile global economy due to the ongoing pandemic.
Beyond the initial breach and loss of data, the results of a cyberattack on a business can be devastating for many reasons, including interruptions that affect business continuity and an erosion of consumer trust that can result in long-term financial consequences. In particular, any exposure of government agencies and large corporations to Advanced Persistent Threat (APT) attacks, which remain on networks for a long time, has consequences far beyond political or financial gain.
Q: How is the government responding to the increasing threat landscape?
The nation is becoming increasingly tech-driven, a transformation that is underpinned by the Australian government's digital economy strategy and the recent USD 1.2 billion investment into new technology and innovation announced in the federal budget. Within this strategy are incentives and support for the digitisation of industries and the businesses that sit within them. From a protection and prevention point of view, the federal government has programs such as the Cyber Security Business Connect and Protect Program, which awarded USD 6.9 million in grant funding to 14 SME cybersecurity businesses this year.
These investments play an important part in cementing the importance and role of digital solutions in the ongoing economic success of industries. They also help to drive education around new technologies, the risks and how businesses can stay safe with the support of trusted strategic partners.
Q: How can a business assess its risk?
As businesses adopt new technology at an unprecedented rate, security measures fall to the sideline to give way to the speed-to-market objectives to meet consumer and corporate demands. With any new application or solution deployment within a network, existing security must extend or adapt to meet the growing needs of the digital ecosystem. Having transparency on a network's current state is essential to find weaknesses and address them with more robust cybersecurity solutions. Moreover, executives and board members should understand the cyber state of their enterprises to make the right business decisions that are highly impacted by cybersecurity.
Aside from making changes to the type of protection in place within an organisation, committing to ongoing education on best practices, alerting issues and a crisis plan in case of a breach can help to mitigate risk. Staying on top of the latest threats, the newest solutions available and the evolving risks can ensure that a business stays on the front foot and stays safe.
Learnings and best practices
- Business and IT need to work together to develop a business strategy and roadmap.
- IT and security need strong funding support to prepare for major incidents rather than just in response to a crisis.
- Businesses must be aware of internal and external threats during mergers and demergers.
- It's essential to have a solid foundation of basic security controls and simplify complex systems.
- Implement defence-in-depth technology controls.
- Maintain software, ensuring all patches and updates are performed regularly.
- Ongoing cybersecurity awareness for the staff is essential.
- Be compliant with state and industry regulations, implementing best practice processes.
- Do a proper third-party risk assessment and supplier security assessment.
- Leverage the existing investments made in cybersecurity with IT.