itb-au logo
Story image

Cyber alert: tackling the unseen risk that could sink your business in 2020

27 May 2020

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair.

Have you considered the existential risk a major cybersecurity incident could pose to your organisation? If the answer is no, you’re missing a trick.

Incursions can come in many forms – ransomware that shuts down your systems and locks you out of your data, malware that acts as an undercover spy stealing valuable company secrets, cybercriminals who monitor your emails for sensitive data, and ‘social engineers’ who manipulate your employees into disclosing their log-in credentials.

In 2020, the chances of falling victim to high tech crime are real and rising. The Australian Cyber Security Centre (ACSC) has latterly warned of a surge in COVID-19 themed malicious cyber activity. The agency has already received scores of cybercrime reports and responded to at least 20 cybersecurity incidents involving national suppliers and COVID-19 response services.

Counting the cost of downtime

So, how might a cyber incident impact on your business? Start by tallying the cost of downtime – the amount of business you’d stand to lose if you unexpectedly lost access to your core systems and the data they contain, for a day or several. 

A ransomware attack can place you in just this position: infecting your servers and systems, encrypting your business data – and demanding a hefty sum to unlock it all again. Refuse to pay up and you face the prospect of being offline for an extended period, unable to take orders, make deliveries, receive payments and pay staff and suppliers, while systems are restored from backup. 

Depending on the size of your business, you’re potentially looking at a five or six-figure sum – and that’s before you add the cost of professional assistance, to investigate the source of the attack and implement countermeasures that reduce the likelihood of recurrence, to your tab.

Writing cheques on the road to recovery

Post-incident investigation costs are just one of three financial imposts that typically accrue from a major cyber incident; the others being systems restoration and customer notification.

Restoring systems via backup recovery can take hours or even days to complete – and the result may well be incomplete, if a backup was not recently carried out. 

Your alternative – paying the nominated sum to have your systems and data restored – is an uncertain one. Faceless cybercriminals might fail to make good on their assurances after you’ve parted with your cash. And opening the company chequebook may encourage future incursions.

Keeping customers in the loop is another exercise that can be costly and time-consuming but very necessary. Australia’s stringent privacy laws require businesses with turnover in excess of $3 million to notify customers, and the Office of the Australian Information Commissioner (OAIC), the national privacy watchdog, of serious data breaches within 30 days.

Devoting resources to this process can be a good investment on another front – customers are less likely to take their business elsewhere if they’re provided with timely and transparent information about what went wrong and what you’re doing about it.

Putting a figure on data loss

How do you value the data that you keep?  Customer information – email addresses and phone numbers, driver’s licence and tax file numbers and the like – is a valuable commodity which can be on-sold for profit and used by the unscrupulous to commit identity fraud.

Being deemed to have not taken sufficient measures to safeguard this data or remediate a breach can cost you dearly. In 2019, the government announced its intention to increase the maximum penalty, currently $2.1 million, for serious or repeated breaches. It’s set to rise to $10 million or three times the value of any benefit derived from the breach, or 10% of the concerned entity’s annual domestic turnover; whichever is the highest. 

The loss of intellectual property that helps you maintain a competitive advantage – patented information, confidential commercial data and key customers lists, for example – can be an even more devastating financial blow.

The cost of losing your good name

The reputation of your business is also an asset worth preserving. Cyber attacks and data breaches can rarely be kept on the down low and, if your organisation is a prominent one, a major incident may well make the news. Case in point: Melbourne logistics giant Toll Group, which has hit the headlines twice this year, courtesy of ransomware attacks which forced the firm to shut down core systems.

Once you’ve acquired a name for cyber-insecurity, rebuilding customer trust can be a long and expensive process.

Prevention is better than costly cure

A successful cyber attack can have many implications for your business, including a price tag you may be unwilling or unable to pay. A comprehensive understanding of the risks and costs involved should inform your cybersecurity planning in today’s uncertain times and the months to come.

Story image
New Linius solution enables search and assembly of video meeting clips
The new product, “WHIZZARD”, will soon be available to Zoom, Webex and Microsoft Teams users.More
Link image
On 10 December, find out how data centers will fare in the face of climate change
From pandemic disruption to the urgency to address climate change, data center development in Asia Pacific needs to remain resilient and sustainable. On 10 December, join this webinar to learn about viable solutions data center operators can use to overcome environmental challenges. Register now.More
Link image
You’re invited: The secrets to workplace happiness in the post-pandemic world
It has been a rough year for workplace wellbeing, with disruption and health concerns worrying every employee. Join Poly’s A/NZ Kickstart 2021 on 10 December from 11am AEDT, where special guest Dr Justin Coulson will share secrets to workplace happiness in the post-pandemic world. Register now.More
Story image
ECI Software Solutions acquired by Leonard Green & Partners
"We are excited to welcome LGP as our new partner, and I am confident that this is the right choice for our future – and the future of our 1,700 employees and more than 22,000 customers.”More
Story image
Voice phishing attacks on the rise, remote workers vulnerable
There is an increase in voice phishing attacks, where hackers use existing employee names in attempt to trick victims into sharing login credentials and data by phone.More
Story image
Cybercriminals are leveraging AI for malicious use
"At a time where the public is getting increasingly concerned about the possible misuse of AI, we have to be transparent about the threats."More