SPECIAL REPORT: As more businesses begin to embrace remote working, cyber security companies are warning workers to be aware of the risks they face online.
As more businesses begin to embrace remote working, cyber security companies are warning workers to be aware of the risks they face online.
Directors and executives at Asterisk Information Security and Diamond Cyber Security are urging businesses to be vigilant regarding risks to their digital operations amid workplace changes in response to the COVID-19 pandemic.
The warning from the two local firms comes less than six months after BGH Capital acquired them and 10 other Australian cyber security businesses, merging them into a new national entity called CyberCX.
Intended as an international competitor in the cyber security space, CyberCX will draw on the nation's accumulated expertise to ensure businesses can access well-resourced, local capabilities.
Cyber security adviser to former prime minister Malcolm Turnbull, Alastair MacGibbon, was appointed chief strategy officer of CyberCX after BGH announced its acquisitions in October last year.
He told Business News companies would need to recognise the threats arising from decentralising operations as they increasingly embraced remote working.
“These are going to be tough times, no doubt, and as a service provider we can use our scale that others can’t,” Mr MacGibbon said.
“This near-term, economic impact will accelerate that naturally occurring process, recognising that cyber security is more than just one person in an organisation or an IT team that looks at running patching and firewalls, to a sophisticated, cyber-risk resilient model.”
While some business managers may choose to focus on short-term cyber security measures as they respond to COVID-19, others, including Asterisk managing director Steve Schupp, said decisions made now would need to be consistently applied in the future.
Noting that clients in recent weeks had scrambled to ensure proper continuity plans were in place to support their offices working remotely, Mr Schupp said businesses should focus on cyber security measures as part of a long-term strategy.
“Broadly, one of the things we work with customers on is how they’re shifting their business online, whether it’s through a specific process or how more broadly they’re engaging with cloud providers,” he said.
“A lot of the work we do around cyber security is providing confidence that moving from traditional methods to digital methods is secure.
“COVID-19 is just going to be another dynamic business will have to contend with in the short term.”
BDO survey data from last year bears out Mr Schupp’s comments in regard to businesses generally devoting greater resources towards securing their digital operations, noting the adoption of chief information security officer roles had more than doubled since 2016.
However, Sven Ross, chief executive of Diamond Cyber Security, told Business News he often spent time working with clients as they reacted to minor, commonplace errors that could nevertheless compromise a business.
“People are still lax with password policy and not applying multi-factorial authentication,” he said.
“Once or twice a week we’re responding to a business email compromise incident where a client worries information from Microsoft Sharepoint has been extracted.
“They’re reactionary [problems]; I can set my watch to these incidents cropping up every Monday morning and Friday afternoon, unfortunately.”
Both Messrs Ross and Schupp expressed hope that CyberCX, once fully operational, would provide Australian businesses with comprehensive access to cyber security measures to aid them in their gradual shift into the online space.
Mr MacGibbon explained that by drawing on the expertise of national and local firms, the company would be able to provide adequate cyber security measures to businesses that might otherwise be underserved in the Australian market.
“Far too many [cyber security businesses] are fly-in, fly-out or based offshore, providing critical infrastructure to our government and businesses,” he said.
“That’s not sufficient in a world where cyber security threats are a key threat in any business’s risk register, and I say that in an environment where we’ve just had the worst fire season on record and now this COVID-19 pandemic.
“Cyber security is still going to be a key element going forward, and we believe it should be a sovereign capability.
“To have that, we need presence in every geography in Australia.”