Cyber Security As A Priority

How Relevant Is Cyber Security?

In this day and age, the number of companies that have not yet considered or implemented Cyber Security protocols is astonishing. Perhaps an even bigger concern is the extent to which individuals in senior management and IT roles pose questions such as “But why would we need that?” or “It’s not my responsibility, is it?”

However, the candid truth is that Cyber Security needs to be on everyone’s radar right across the organisation, and here is why: 

Prevalent Cyber Security Threats 

Data breaches and data leaks are the most common sort of cyber threat and can quickly escalate to a “high priority” concern. Recently, a range of companies have been subject to such attacks. For example, on 15 September 2022, Uber suffered a cyber attack; an individual claiming responsibility shared screen grabs of various compromised Uber resources with the media and with security researchers. On a similar scale, Australian telecommunications company Optus had personal information compromised in an attack, including names, dates of birth, addresses, phone numbers and in some cases passport or driver’s licence numbers.

Similarly, charities collect and store information for the purposes of managing donations, subscriptions, etc., which often contains sensitive personal and financial data. This can easily be compromised in a cyberattack. Personal data is protected by law under the General Data Protection Regulation (GDPR); it is confidential and should never be disclosed or distributed. Cybercriminals are constantly looking for ways to attack, compromise and exploit weak IT systems, infrastructure, and databases to access sensitive personal data.

Some do this for their own personal achievement; others do so in order to sell the data on the dark web for financial gain. Any cyber breach that involves a data leak poses a significant risk for the people whose data was accessed, and the Directors of the organisation would be held liable for the data breach, which could result in substantial fines from regulators and potentially catastrophic reputational damage that could have long-term financial ramifications.

Cyber attacks are increasingly becoming an everyday occurrence, and the risk is further exacerbated by organisations supporting post-COVID work from home (WFH) or hybrid initiatives, where a combination of new technology and staff behaviour could potentially provide rich pickings for sophisticated cybercriminals. At a bare minimum, any organisation that is the custodian of sensitive personal data should conduct basic data security assessments to protect that data and prevent it from being disclosed.

Cyber criminals can also attack insecure websites, which could likewise create a data security breach: they can quickly take control of a site and change it to emulate an online department store to fool unsuspecting visitors. The likelihood of this happening, however, depends on the strength of the security of an organisation’s website and on how consistently internal and external user groups follow strong password and authentication protocols. In some instances of cyberattacks, the website and associated data can remain intact, but retrieving the data can be costly and time consuming.

Vulnerabilities To Cyber Threats 

For many, putting Cyber Security measures in place means relying on and getting support from a third-party IT provider who helps you to navigate around the systems to prevent a potential threat. However, that is only part of the story. Cyber Security is the practice of protecting critical systems and sensitive information from digital attacks. Synonymous with information technology (IT) security, Cyber Security measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organisation. 

A company can claim that “they have XYZ in place for this” or “they have done XYZ for that.” The security measures they refer to may often be the latest technology system that has been installed to protect against something unprecedented. However, it is the employees using the technology who can often be the weakest link in the chain. Mistakes can happen and sometimes cannot be controlled… but that shouldn’t be the case when it comes to Cyber Security, when there is so much at stake.

Part of the problem is related to the depth of knowledge, or more often the lack of knowledge, that employees possess on the subject. Hackers, phishers, and scammers often end up identifying pathways into confidential company data and accounts due to a lack of employee training on Cyber Security protocols. On most occasions, the employees do know how to use a particular system but forget (or have no idea) what controls should be used to protect client and corporate data. So, a set of valid questions would be:

  • How knowledgeable are the staff on security protocols?
  • What is multi-factor authentication (MFA)? Is web filtering in place?
  • When was the last update made to antivirus or anti-malware tools or distributed software?
  • Who has accountability?  

Exacerbating the acute lack of awareness regarding guidelines on Cyber protection is the absence of an accepted and recognised ‘Gold’ protection standard. The sparse guidelines that do exist vary enormously, as does the realisation of ‘Industry best practice’. It is thus unsurprising that organisations find it difficult to identify, let alone follow, a ‘standard’ methodology.

How TORI Can Help

Strong emphasis should be placed on the working relationship with a third-party Cyber Security expert or auditor assigned to a firm. As such, there are multiple facets to consider: ensuring you have the right IT systems in place, with strong processes and security protocols; and regular training for all staff, so everyone understands and is fully apprised of the importance of this issue.

At TORI we review the latest industry practices and artefacts to collate a layman’s guide on the steps you can take: 

  • Much like Health & Safety, responsibility for Cyber Security starts with you! Do not wait for “someone else” to “handle” it; take ownership, as it is your and your organisation’s reputation that is at stake. Any concerns have to be raised as soon as possible in order to act. Moreover, don’t wait for a threat to emerge before acting. Cyber Security does not have to be complex or prohibitively expensive, and there is a wide range of supporting services available that TORI can assist you with, such as cyber assessment / advisory.

  • Cyber Security solutions come in all shapes and sizes. There is a wide range of solutions and services, and these can usually be tailored to meet the individual needs of the organisation. Networking with peers via industry lead bodies or reading about current cyber threats as part of continuing professional development (CPD) can help you narrow down which services you need to seek. TORI can help by providing up-to-date advice on the latest trends and services which are commensurate with your needs.

  • Educate at all levels on Cyber Security policies and measures that need to be put in place. Regular training sessions and drills for employees can help ensure that each team member is equipped to put a strong security policy into practice.

Ultimately, these steps are about doing something to either improve or initiate enhanced measures to protect your firm, its data and reputation. No firm can afford to wait to be a target for cyber criminals. Taking responsibility and action is key, and that can start with you, today. 

Cyber Security threats can vary from spear-phishing to insider attacks. We can help you with:

  1. Cyber Assessment & Advisory
  2. Application Security Services
  3. Security Implementations

Read our case study – Group Security Strategy at a Global Insurance company 
