Welcome to another edition of Fast Five - our fortnightly series where we ask Victoria’s most influential and exciting industry leaders to unveil the challenges, successes, and behind-the-scenes operations affecting different industries.
This week, Zynet Managing Director and CEO Paul Turner discusses how the new digital world we find ourselves in is not without risk. Businesses of all sizes and industries face a new threat in cybercrime, which has the capability to cripple even the most robust businesses.
#1: What are the most common misconceptions businesses make regarding cybersecurity?
A common misconception is ‘it won’t happen to me - my data isn’t that important, and we are too small anyway’. This is precisely the reason why it will happen to you! The smaller you are, the less likely it is you will have invested in cyber security protections, and this makes you an easier and more likely target.
The reality is that without cyber security measures in place to mitigate preventable risk, you will have a data breach – it is not if but when this occurs.
Another common misconception is ‘my employees won’t fall for these scams’. When tested, this is invariably not the case.
One final common misconception is that ‘the investment in cyber security outweighs the benefits’. This is old-school thinking that comes from a lack of awareness of quick, simple solutions that can have a significant impact on your protection.
#2: What are the cyber threats businesses are facing today?
The biggest threat businesses face today in terms of cyber security is credential theft and weak passwords.
We all use passwords to prevent unwanted access to our systems and data; however, there are online databases of billions of breached passwords! Attackers are using these breached password databases to ‘brute force’ their way into systems and networks - usually obtaining access in a matter of minutes.
In addition, there are many phishing or fake emails that request a user to enter their credentials to a typical site; these credentials are then siphoned off to the attacker to use later with seemingly authorised access to a system.
It is also a likely assumption that if a password to one site or service is breached, the user would have used the same or a similar password to another site or service, so a breach on one service often translates to a breach on many services.
#3: What does the future of cyber security threats look like?
As more businesses become aware of their risk and they start to accept that an attack is inevitable, they will understand the importance of implementing protection. Cybercrime is a very lucrative industry with billions of dollars to be made and little chance of being caught. If this continues to remain the case, attackers will always be creating new and ingenious methods to breach systems and data.
We will see this taking the form of more sophisticated and realistic phishing attempts.
Already we see some cases of attackers watching communications and systems before attacking. By doing this, the communication and language people use is identified, and this language is mimicked to better impersonate a user and make a request or demand.
It is even possible now to fake a person’s voice or video. Fake voice or video calls from an authority figure will likely convince the victim it’s legitimate.
#4: With so many people now working remotely, what should businesses do to protect themselves and their staff?
All businesses that have staff working remotely need to urgently review their remote access methods as a first step. Unsecure remote access methods should be immediately stopped and more secure methods such as a VPN should be enabled. All remote access methods should also require multifactor authentication and strong password policies.
Once this has been completed, a review of each user’s remote working environment should be undertaken to ensure that the home network is also secure. This was not something that many businesses considered in the rush to work remotely.
During COVID-19 and the initial stages of remote working, the focus was just to ‘keep the lights on’ in many cases.
Now that the dust has settled and businesses look to support a flexible working environment for their staff, the focus should be on ensuring that the remote working environment is secure just as they would ensure the office environment is secure.
#5: What do the cybersecurity and IT sectors need to achieve greater success?
IT and cyber security sectors need a ‘seat at the table’ to ensure that all stakeholders are aware and understand the inherent risks within their organisations.
Being unaware of cyber security risks and lacking adequate protection has gone on far too long. Resilience and awareness are key to organisational survival.
Often Managing Directors, CEOs, and executives are inappropriately informed about the risks and the importance of engaging with cyber experts to identify and develop a plan to address them.
IT teams can be overwhelmed with ‘business as usual’ and critical security measures can be overlooked as a result. Engaging a Cyber Security specialist that can understand existing risk(s) and can advise on remediation options will strengthen the cyber security posture of all organisations. Immediately conducting an audit of the current cyber security risk exposure level is critical for every business.