Cybersecurity: Are you really safe?
“ For every lock, there is someone out there trying to pick it or break in” - David Bernstein
On an international scale, cybercrime is expected to cost $6 trillion annually by 2021. Australian businesses alone have spent $29 billion per year to go towards detecting and resolving these breaches. This has huge implications on how businesses will run in the future as well as on our global economy.
While our adoption of the Internet of things(IoT) is not a new concept, with Covid-19, we are rapidly accelerating the rate at which our lives are going digital. Many companies including the Big 4 are being forced to adapt to this new “normal” of working from home environments rather than a secure office space, this means new priorities are set on strengthening online security. The current situation makes it difficult to monitor access to confidential company files, facilitate exclusive meetings and protect sensitive client information. Just through transferring data through the internet there is the risk of undetectable leaks and thus, exploitation.
How is cybersecurity changing?
Traditional cyber-security approaches rely on a reactive mindset where businesses manually fix breaches as they come rather than actively preparing for future cyber-attacks. On the other hand, hackers are becoming better at initiating large-scale automated attacks that have been planned years prior. While there are various market products designed for different threats, this “stop-gap” strategy lacks the fluidity needed to mesh these products into a solid cybersecurity foundation. Furthermore, these products are unable to provide a long-term solution that will actively detect and counteract new threats.
So what are the areas that businesses will be focusing on?
Shift to Automation: Securitising a business involves many tedious tasks beyond resolving cyber-attacks, shifting to automated detection systems can ensure all environments and networks are being constantly monitored in case of any breaches. While this may not help recover lost information nor find the culprit, detection enables the business to ensure no more data gets stolen.
Building a Core Cybersecurity Foundation: Having a stable base for cybersecurity teams to build up on will reduce gaps where the business is vulnerable as well as ease their transition into new platforms. In the long-term this will also help new software to collaborate efficiently.
Improving Cloud security: Many businesses are switching to the cloud, this means data will be stored on the internet rather than remotely. While this allows easier accessibility, it also means sensitive data can easily end up in the wrong peoples hands if cloud access is not restricted.
Developing a Recovery Plan: “The question organizations are facing is not if a cyberattack will happen, but when.” Cybersecurity initiatives are not only about prevention but also how businesses will respond and recover. Preparing for the worst will ensure that when an attack happens, the business can get back on their feet as soon as possible.
Leaning into Machine Learning: Hackers are becoming more advanced every day and some are even employing machine learning techniques to create more complex campaigns. Businesses need to start investing into developing tools that can counteract future attacks and that means leaning into machine learning.
What’s happening in Australia?
On August 6th, 2020 the Morrison Government announced Australia’s newest Cyber Security Strategy which will spend $1.67 billion over the next decade. This package includes many heavily funded initiatives including:
A $66 million program for the critical infrastructure sector to enforce a voluntary code of practice and detect network vulnerabilities.
$88 million to be invested into the Australian Federal Police(AFP) to incarcerate cyber-criminals and investigate cyber-attacks
Expanding AFP and Australian Criminal Intelligence Commission powers to monitor online malicious activity, especially towards offshore criminals.
Collaborations between large and small to medium enterprises(SMEs) to develop products that can block viruses, malicious software, and scams.
A public awareness campaign to educate households on the necessity to safeguard against online threats, paedophilia, and harassment.
$118 million to the data science and intelligence industry to “better understand and respond to cyber threats on a national scale”
In addition to cybersecurity, the government is also taking steps towards providing Australian businesses with financial stability within the digital economy. Recently, a new framework has been built to ensure transparency and fair revenue distribution to news media companies from tech giants such as Facebook and Google. Currently, these companies act as “platform monopolies” with unfair bargaining power and Australia is hoping to change that to benefit the sources that Facebook and Google rely on for content. The proposed paper highlights infringement penalties for breaching minimum commitments and not bargaining in good faith as well as requiring notice of algorithm changes that will impact online traffic.
Sources