Malicious cyber hits across Australia

According to the Australian CERT (set out in the 2012 Cyber Crime and Security Survey Report and reported online), more than a fifth of major companies reported being hit last year, 20% of them experiencing more than 10 security incidents. One organisation reported the theft of 15 years’ worth of critical data.

Three paragraphs in the above coverage stood out for me:

  • “Those companies that reported no cyber incidents were likely to not have detected them, the report says.”
  • “This is despite 90 per cent of respondents saying they use anti-virus software, spam filters and firewalls, and 65 per cent having IT security staff with tertiary qualifications.”
  • ‘At a time when it only takes one naive employee clicking on a malicious email attachment to breach a corporate network, the report found that “many organisations are not confident that cyber security is sufficiently understood and appreciated by staff, management and boards”.’

Let me put this another way: what this report describes as taking place in Australia is also happening everywhere else in the world. The bottom line is: if your board thinks that cybersecurity is not an issue for your organisation, your board is naively putting corporate assets, reputation and competitive position at risk.