What executives need to know about combatting cyber attacks

14 September 2021 Consultancy.com.au 3 min. read
Profile
More news on

If you follow the news on cyberattacks in Australia, you know that their frequency is rapidly increasing. According to Accenture research, global cyber intrusions in the first half of 2021 were 125% higher than the same period last year, with Australia the third country where more incidents were observed, just behind the US and the UK.

Although the increase in attacks seems alarming, they are only a fraction of what we can expect in the future. Australia is already amongst the top 20 most digitised countries globally and is investing heavily to increase digitisation. This year alone the Morrison Government announced a $1.2 billion investment in Australia's digital future focusing on digital skills, artificial intelligence, investment incentives and data. 

Investment in digital services and the uptake in emerging technologies is a central focus for the Australian economy. A digitalised economy increases productivity and innovation by gathering and analysing vast amounts of information. The downside is that this immense volume of data can be attacked, stolen and misused. 

Mark Sayer, Cyber Defense Lead for Australia and Asia Pacific at Accenture

The Australian Government recognises that cyber security is crucial to minimise the risks of digitisation and has pledged to invest over $1.6 billion in cyber security in the next decade. The challenges, however, are enormous.

Despite the abundance of recent cyber attacks, many executives at top Australian companies have little understanding of cyber security. There is the perception that cybercriminals are still a group of disorganised hackers and that this is merely a technical problem.

Very few top executives understand that the cybercrime business model has evolved. Criminal groups have grown from small cells of four or five individuals to business-like operations that recruit and coordinate hundreds of hackers. These groups are becoming so sophisticated that they use PR-like tactics such as leaking information directly to journalists to generate news, turning up the pressure on companies to pay significant ransom demands. They are also moving from encrypting data and denying access to stealing data and leaking it online. 

Many CEOs discover that a cyber attack is the biggest challenge of their careers only when they are under one. These executives commonly think that criminals only infiltrate businesses with weak security, a perception that is manifestly untrue. The odds of cyber attacks are firmly stacked in the criminals’ favour. In any big company, a typical security manager needs to worry about thousands of security controls working all the time. The criminal only has to find one control that’s not working to be successful.

As cyber attacks morph from a risk to a threat, leaders need to prepare. The first step is to have tools in place to gather intelligence. They need to know in real-time what is happening across their organisation and the entire ecosystem. Current threat intelligence is vital. 

It’s also critical to ramp up defences with monitoring solutions and response capability to contain threats at speed and scale. Cybercriminals play a numbers’ game. Usually, if their standard techniques don't work in an organisation, they move on.

As no cybersecurity solution can eliminate all threats, organisations need to be ready for an attack and have a response plan that enables the company to re-establish operations as soon as possible. Recovery is essential in ensuring business continuity and strengthening the company's position when facing extortion, minimising reputational damage and reducing recovery costs. 

As Australia digitises, cybercriminals will increasingly learn new tactics and approaches. Business leaders will have to learn to live with this new normal for years to come, and it is imperative that effective risk management plans and strong defences are in place, or the consequences can be dire.

An article by Mark Sayer, Cyber Defense Lead for Australia and Asia Pacific at Accenture.