
Making sense of cyber security

By Beatrice Thomas

High-profile hacking events have shown that even the biggest organisations face cyber security threats. Lumen IT General Manager Craig Tamlin explains why your business needs to be cyber aware. 

Cyber security strategy starts from the top 

Cyber security strategy starts at the top. This could be at boardroom level for larger organisations, or executive/management level for SMEs. 

“Cyber security is increasingly listed as a risk on the risk register for corporate organisations,” Lumen IT General Manager Craig Tamlin says. 

“But even smaller organisations should be thinking about those risks to their business.” 

Quite often SMEs don’t. But just like understanding the tax, legal and accounting practices relevant to WA, you need to also consider cyber threats. 

"It’s quite often that very small businesses may not, but it's prudent on them that they consider risks,” Tamlin adds. “They don't have to do it every day — boards might look at their risk register every three or six months in a larger organisation.” 

Importantly, you need to look at how a cybersecurity event could disrupt your business.  

Tamlin says: “It’s valuable to look at all of the different ways that this could occur, the types of events, and say, OK, if this happens, then what does that mean for us?” 

“People should be actively thinking about planning for cyber breach. Think when, not if.”

Cyber security — the numbers 

The Australian statistics are alarming: 

  • 92 per cent of Australian respondents to a survey experienced at least one successful phishing attack in 2021. 
  • 80 per cent of Australian organisations said they dealt with at least one ransomware infection. 
  • 64 per cent of Australian organisations have paid a ransom to access data – with half having to pay a follow-up ransom.
  • (only) 51 per cent of Australian organisations provide cyber security training for their entire company (where the global average is 57 per cent). 

“Whilst the headlines speak to high profile cyber breaches resulting in $1 million in losses, most cyber incidents are less than $20,000 in value, and the impact is just as devastating to smaller organisations as large corporates,” Tamlin says. 

For more on threats see here.

The Essential 8 

The Australian Signals Directorate came up with a list called the Essential 8, which offers a basic guide to cyber security for businesses. 

Other primary mitigation strategies to immediately raise the bar, says Tamlin, include: 

  • Cybersecurity training for all end users 
  • Email protections 
  • Anti-virus capability 

“We recommend that organisations build a portfolio of security controls that protect them from the strategies that are in the Essential 8, plus all of the normal issues that occur,” he says. 

Cyber security is everyone’s responsibility 

“One of the key messages that I always talk about is changing the culture in organisations so that everyone has a responsibility for cybersecurity awareness,” Tamlin says. 

Since cyber risk is not just in the domain of business, he says the advice he provides companies can be heeded by staff in their home lives as well as in the workplace. 

 

For more information on how to set up your organisation’s cyber security, or for a tailored training package, contact Lumen IT. 
