Monday, 13 March 2017 19:47

Aussie companies dragging the chain on managing cyber security risks

Australian companies are too slow to take the necessary action to mitigate and manage their cyber security risks, according to a newly published report that reveals that cyber crime is expected to cost the world in excess of $6 trillion annually.

According to the report, from professional services firm MinterEllison, cyber security can no longer legitimately be considered the domain of IT alone. It warned that cyber attacks can adversely affect other businesses in the supply chain, compromise the privacy of millions of individuals, and threaten economic well-being and national security.

“Yet business is not responding quickly enough,” warned Paul Kallenbach, MinterEllison technology partner and cyber expert.

“Cyber attacks can entirely shut down businesses, causing significant (and sometimes irreparable) damage to corporate and government reputations, relationships and systems.

“All organisations need to develop a culture of cyber risk management and look beyond the expectation of the IT department taking the responsibility for risk mitigation.”

The MinterEllison ‘Perspectives on Cyber Risk’ Report 2017 revealed:

  •  A 100% jump in C-level concern about cyber incidents;
  •  One third of boards rate cyber risk in their "top five"; and
  •  Increased uptake of cyber security insurance.

According to Kallenbach, the 12 months since the release of the MinterEllison Perspectives on Cyber Risk Report 2016 had seen some of the most “devastating cyber incidents yet”.

“Every kind of organisation — government, state owned enterprises, public and private companies and not-for-profits — has been affected. In every industry — from finance, retail, hospitality and healthcare, to mining and resources, utilities, professional services and education — it's clear that no-one is immune.”

Kallenbach said that the rising risks associated with cyber attacks were being driven by the growing volume, scale and sophistication of the cyber security threat, in addition to an increasingly onerous Australian and global regulatory landscape.

He also pointed to an increase in organisational interconnection and interdependence as a result of the rapid adoption of cloud-based technologies.

“Cyber security has well and truly transcended the realm of the technical,” Kallenbach says.

“It is now a business, economic and national security priority, which requires that a culture of cyber resilience be woven into the fabric of public and private sector organisations' overall risk management approach.”

Referring to the 2017 report findings and concerns, Kallenbach pointed to a number of high profile incidents that occurred during 2016, including a US$81 million cyber heist involving an attack against global financial messaging system SWIFT, as well as:

  •  large data thefts from social media networks, including Tumblr (65 million accounts), LinkedIn (117 million accounts), (339 million accounts), Myspace (427 million accounts) and Yahoo! (500 million accounts);
  •  the attack against Panamanian law firm Mossack Fonseca, which resulted in the theft of more than 11 million documents, the subsequent resignation of Iceland's prime minister, and ongoing investigations into numerous organisations and individuals (including a number of world leaders);
  •  distributed denial of service (DDoS) attacks against security researcher Brian Krebs, French media company OVH, the Rio Olympics online presence, the Australian Bureau of Statistics eCensus website, and domain name server company Dyn. The attack against Dyn was particularly devastating, disrupting internet connectivity for around 70 companies, including giants like Twitter, Spotify, Paypal, Airbnb and Reddit; and
  •  the accidental exposure of the personal information of around 550,000 blood donors by the Australian Red Cross.

“Our ‘Perspectives on Cyber Risk 2017’ highlights the need to embed cyber resilience in every organisation, yet key findings suggest this isn’t happening,” Kallenbach cautions.

"In our board survey, 44% of organisations responded that the board is only briefed on cyber security issues annually or on an ad hoc basis, while 13% of organisations said that the Board received no briefings at all.

"In our CIO survey only 52% of respondents indicated their organisations had increased their expenditure on IT security over the previous 12 months and that shows little change to the 2016 Report findings.

"Cyber resilience should be a key focus area for all organisations in the next 12 months. This requires deep board level engagement with cyber risk; identifying the extent of the organisation's exposure to cyber risk (including due to supply chain risk); developing, implementing and testing procedures to protect the organisation from cyber incidents; and being able to deploy the resources (both technical and human) to identify a cyber incident in a timely manner, and to respond to and recover from an incident."

Key findings from MinterEllison were:

1.    Awareness of cyber risk has increased as the problem grows – but concrete actions have not changed;

2.    Despite concerns about the increasing cyber threat, organisations remain complacent about reviewing and testing their own cyber resilience (and the cyber resilience of their suppliers);

3.    Cyber security is still (wrongly) seen as being primarily an IT issue;

4.    The privacy landscape is changing – both in Australia and overseas; and

5.    The increasing uptake of cyber insurance indicates some willingness to act on managing cyber risk.


Peter Dinham

Peter Dinham is retired and is a "volunteer" writer for iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).
