With spending on cybersecurity set to increase dramatically over the coming years, it’s of little surprise to see it has become one of the biggest growth areas in Australian IT. Economic analysis[1] shows the sector has the potential to triple in size by 2026, with revenues projected to rise to AUD$6 billion. Yet it goes further. Cybersecurity has also been identified by the Australian Government as one of six industry sectors considered vital for the long-term prosperity of the Australian economy.[2]

And, it’s not hard to understand why this is the case.

Digital threats driving spend

Increased exposure and regulation of cyber risk, along with organisational drive to consolidate and safeguard digital business strategies are among the core driving forces behind this meteoric rise. And, there’s still much to do.

Ransomware attacks for example, are one of the biggest threats to Australian businesses, infiltrating systems when an employee mistakenly downloads a file or clicks on an email link for example. Research conducted by Cybersecurity Ventures suggests ransomware damages were predicted to cost the world more than $8 billion in 2018. Locally, 59 percent of Australian organisations have their business interrupted by cyber-crime every month.

Dramatic skills shortage compounds the cybersecurity challenge

Furthering the problem is a lack of skills and training of current security professionals and the wider employee population. Austcyber’s Cyber Security Sector Competitiveness Plan[3] highlights Australia may need as many as 18,000 additional cyber security workers by 2026. This will not only help the sector to realise its full growth potential, but to help combat the cybersecurity epidemic.

Many mid-market organisations lack the internal expertise to adequately and comprehensively secure their IT assets. This places an even greater reliance on outsourced vendors to provide managed services, helping to architect and implement solutions on their behalf.

The essential steps to a secure business

So, if you’re faced with limited resources, what can you do to help prevent the likely scenario of a cyber-attack?

1. Multi-factor authentication (MFA)

MFA is essential for most business IT systems or critical applications such as email and accounting. It’s easy to set-up and use – providing an extra layer of protection – and involves a device pretty much all employees have to hand – a mobile phone.

MFA generally combines two or more items. What an individual ‘knows’ e.g. a password and what they ‘have’ e.g. a device such as a mobile phone. Having a range of security defences makes it infinitely more difficult for someone to access company data for example. An attacker would need both elements to be successful at stealing any commercially sensitive information.

2. Cloud investment

Migrating critical applications to an established cloud service is usually safer than trying to run secure applications from your own servers. Cloud is a good option for many mid-sized organisations as digital service providers have already gone through the hard yards and secured their systems. They’ll have invested in security infrastructure, cyber security systems and expert operators as standard for all their clients. Additionally, strong expertise and skills usually sit within specialist cloud providers, given the depth and breadth of organisations they serve and regulations they have to meet.

3. Educate and train

And, last but not least, and perhaps the most effective form of security practice to implement is employee education. All too often, security breaches arise from human error. How often do we see emails containing sensitive information sent to the wrong individual? Or something downloaded that shouldn’t have been?

There are some very simple steps you can take and advise on. Train your employees to understand the value of having strong passwords – and, have regular cycles of password updates that include character variations (Ac1!”;). In addition to not clicking on, or downloading anything that appears remotely suspicious, causing malware to be installed on the network and across devices.

Getting the basics right – policy and procedure

While it’s true cybersecurity attacks are becoming increasingly sophisticated, more often than not, human error is the weak link in any business security defence. Ensuring the correct policies and procedures are in place goes a long way towards providing a level of comfort that you’re doing everything you can.

This is why documenting your security policies is critical for any sized business. Not only will you begin to understand the specific training requirements, checklists, and information you require to protect your organisation, but you’ll add a level of rigour and process that could help safeguard your business reputation and quite possibly, it’s very existence.

[1] Australian Cyber Security Growth Network (2017). Cyber Security Sector Competitiveness Plan.

[2] Australian Government Department of Industry, Innovation and Science (2017), Industry Growth Centres.

[3] Us Cyber – AUSTRALIA’S CYBER SECURITY SECTOR COMPETITIVENESS PLAN