He says businesses must guarantee the security of their customers’ information and continuity of their online services.
Irvine, who is the only person to have headed ASIO and the Australian Secret Intelligence Service, will share his insights at a Perth USAsia and CCI Cyber Security Sundowner on October 12.
He will be joined by Ben Flatgard – who served in the Obama administration from 2009-2017 and founded security technology Cycise – and Gordon Flake, founding CEO of the Perth USAsia Centre.
Irvine says evidence shows small businesses have done little to mitigate cyber-attacks, but with mandatory data breach notification to come online from February next year they must protect themselves and their customers.
“Businesses that cannot guarantee the continuity of their online service to their customers or the security of the data that they hold about their customers will very quickly lose the trust of their customers,” Irvine says.
“Everyone must take cyber security seriously. That means doctor surgeries, accounting firms, legal firms and not simply those people sitting at the top end of town.”
Irvine says the biggest threats to business are ransomware, as shown by the WannaCry and Petya attacks this year, which shut down hospitals in the UK and spread to businesses across the world including Australia.
Businesses also need to guard against phishing attacks, which are getting increasingly difficult to identify at first glance, Irvine says.
“Socially engineered phishing attacks that make it look like you are getting an email from your best friend and then open up on something that does your system over as soon as you open it up are getting more and more sophisticated,” he says.
“In terms of the presentation, the English, the formulations they use that convince you this is real or don’t alert you to the fact that it’s not real.
“They may come from people who you think ‘oh, I don’t know that person I’ll look him up on the internet’ and then of course there he is on the internet or LinkedIn, so you think ‘oh that’s normal’.”
His top three risks to protect against include:
- Espionage or theft of information
- Sabotage or disruption of your system for malicious reasons
- Using the internet to influence you by peddling fake information (it may not be a threat to your system but ultimately it could be)