
11 ways to protect your business from cyber crime

03:45pm August 14 2023

In the face of growing cyber threats, it has never been more important for businesses to protect their systems and networks. (Getty)

Behind the headlines of ransomware attacks on major Australian companies are some important lessons for all organisations as they face a world of growing cyber threats. 

From misappropriated passwords to fake audio and video calls, the work of cyber criminals is growing in sophistication and volume. The estimated annual cost of cyber crime in Australia has risen to $42 billion, according to consultancy KPMG. 

So what can businesses do to fend off the threats, and keep themselves and their customers safe? Westpac Institutional Bank put the question to some of the country’s most respected cyber experts. Here are their top insights.

1. Design your applications defensively

Some recent breaches appear to have involved unprotected application components, which trusted whoever had access. If an attacker can reach such a component, they may be able to exploit that trust to access data inappropriately.

“Do not let any part of your systems or networks trust another part – instead, design systems to always explicitly authenticate,” says Simon Brown, Westpac’s head of cyber strategy and advice. It’s also essential to continuously collect systems activity data so that it’s easier to later assess what data has been accessed in an attack, he adds. 

2. Communicate clearly with customers and regulators

Fast and transparent communication is vital when in incident response mode, says Shameela Gonzalez, director and FSI industry lead at CyberCX. Stakeholders will become disgruntled if there are delays or a lack of detail on the extent of a data breach. 

3. Speed up software patching

The Australian Cyber Security Centre (ACSC) now advises businesses to apply high-priority security patches within 48 hours. Previous average response times were up to 90 days, so this is quite an acceleration for many organisations. Vulnerability scanners can help organisations to automatically gather information on missing patches in their systems and networks.

4. Ramp up multi-factor authentication

Many cyber security experts believe more rigorous use of multi-factor authentication (MFA), which requires users to provide two or more verification factors to gain access to a network or system, is key to preventing attacks. With MFA in place, stolen passwords are no longer enough for an attacker to break in, significantly raising the bar on this popular attack technique.

5. No more passwords? 

Poor password management is blamed for many cyber attacks. Opting not to rely on them mitigates the risk of inadequate passwords, or the tendency of people to forget to update them, says David Lacey, managing director of cyber support service IDCARE. To get rid of passwords, companies must instead deploy smart devices that can recognise users, and then use MFA as a complementary security layer.

6. Get up to speed with privacy rules

The government has recently made changes to the penalty regime for serious or repeated breaches of the Privacy Act. Business leaders must understand the relevant Australian Privacy Principles (APPs), including when to notify affected individuals and the Office of the Australian Information Commissioner of a data breach, CyberCX’s Gonzalez says.

7. Factor in supply chain risks

A cyber attack on one of your key suppliers could quickly become a business disruption event for you, even if you have controls in place to prevent it becoming a cyber attack on your business, says Westpac’s Brown. Businesses can improve resilience by avoiding dependence on one supplier for any critical function.

8. Beware of the next big threat

Never be complacent about cyber risks because hackers are constantly seeking new ways to deceive victims. For example, artificial intelligence is being used in relationship scams to generate fake voices or videos of loved ones or other trusted people, and IDCARE’s Lacey believes the corporate world is vulnerable, too. “CEOs or other senior staff may be impersonated so criminals can gain access to systems. Rather than using an email, it could be a fake audio or video call instead.” Having a rigorous call-back process (and not just trusting the initial call – no matter how convincing) is a good defence against these kinds of scams.

9. Be alert for phishing and business email compromise

Almost three quarters of Australian organisations say they fell victim to an email-based cyber attack in the past year, and the threat continues to grow. Business email compromise, where a scammer gains access to someone’s inbox and then tricks others into sending money or divulging confidential information, is becoming increasingly sophisticated. Cyber training for staff has never been more essential, as AI tools may help hackers write more professional scripts for email scams, making them harder to recognise.

10. Fine-tune your cyber security playbook

Discuss and document key cyber risk issues at board and management level, including whether your business would pay a ransom. The Australian Government recommends that a ransom should never be paid; however, for an unprepared company, the consequences of losing control might be unacceptable. If you don’t want to be in that position, ensuring you have a great, tested backup-and-recovery plan in place is critical.

11. Test your backup-and-restore systems

Testing your cyber security playbook can help safeguard important data, software and configuration settings. “Many companies have backups, but they’ve never tried a restore because it’s difficult to schedule while you're trying to run your business,” says Transgrid’s chief security officer Andrew Webster.

For more information, download this infographic from Westpac Institutional Bank:

11 key lessons from Australia’s cyber crime challenge

James Thornhill was appointed as editor of Westpac Wire in May 2022. Prior to joining the bank, he was a business and financial journalist with more than two decades of experience with international newswires. Most recently, he was a resources correspondent for Bloomberg, covering the mining and energy sectors, and previously reported on a broad range of topics from economics and politics to currency and bond markets. Originally from the UK, he’s had stints working in London, New York and Singapore, but is now happily settled in Sydney.
