People are considered the weakest link in organizational systems
The constant shift and improvement in technology can leave many businesses in a quandary as to what to upgrade too next. But even more important is the issue of cybersecurity. It’s one of the most prevalent crimes in society today and affecting every type of business.
The Australian Cyber Security Centre (ACSC) annual Cyber Security report (July 1, 2020 to June 30, 2021) revealed that ACSC received over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year. The increase in volume of cybercrime reporting equates to one report of cyberattack every eight minutes compared to one every 10 minutes last financial year. A higher proportion of cybersecurity incidents this financial year was categorised by the ACSC as ‘substantial’ in impact.
“We all know that security is no longer a nice to have but is critical to the success of organisations across all industries,” says Noel Allnutt, managing director at Sekuro. “Whether you’re a cafe with a POS system, a warehouse with smart machinery or a professional services company, everyone is now vulnerable to cyberattacks.
“Humans are considered the weakest link and the largest attack surface. Whether it be clicking on a phishing email, having poor passwords or using unapproved applications to store and send files, employees are an organisation's most vulnerable entry point into the network.”
While it might seem that the technology department or the IT company that you outsource too should be the sole decision maker in what software or hardware to purchase, it is vital that key stakeholders within the company, including human resources.
“Cybersecurity is now a board-level priority, which means a company's policy should permeate throughout every level of the business,” Allnutt said. “Whilst traditionally human resources hasn’t played a pivotal role in cybersecurity strategy, there are ways that human resource teams can ensure they are providing employees with the right knowledge and tools to minimise risks.
“For example, ensuring employees are taken through the company's cybersecurity policies should be a mandatory part of any onboarding process. To take this a step further, asking employees to sign a cybersecurity policy can also be a good way to make sure everyone takes it seriously. In addition, whilst investing in professional cybersecurity awareness training for all staff could seem costly, it could ultimately save millions in losses from cyberattacks.”
The ACSC report also discovered that ‘the accessibility of cybercrime services – such as ransomware-as-a-service (RaaS) – via the dark web increasingly opens the market to a growing number of malicious actors without significant technical expertise and without significant financial investment. No sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity. Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period – predominantly by criminals or state actors’.
All the more reason why cybersecurity needs to be communicated to everyone in the business, no matter what their role or their status.
“Another important way human resource teams can play a role is by setting up security awareness groups or leaders within the organisation,” says Allnutt. “Similar to the age-old fire warden, these groups would be responsible for ensuring security policies are followed in the day-to-day work environment by spotting poor practices and fostering a culture of security across teams.”
The ACSC report uncovered that self-reported losses from cybercrime totalled $33 billion in the reporting period with approximately one-quarter of reported cybercrime security incidents affecting entities associated with Australia’s critical infrastructure.
“A company’s cybersecurity is only as good as its least careful employee,” says Allnutt. “Whilst not a core function of the role, if human resources start to take cybersecurity more seriously and implement policies and procedures to match, then it will naturally permeate across the business and contribute to a stronger cybersecurity posture for the organisation.”
More than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information.
There is no doubt that cybercrime affects any business – big or small – and now is the time to take it seriously and communicate that message throughout the whole office to each employee.