


A recent MIT Sloan (CAMS) report found that just 54 per cent of board members at medium and large Australian companies are confident that they understand the systemic risks posed by cyber threats.

"There is little doubt that cyber security conversations will be prevalent in Australian boardrooms in 2023"

With Australian boards having few directors that understand IT Risk, one wonders how the impacts of the recent Optus, Medibank, Woolworths Group / MyDeal and Australian Clinical Labs / MedLab data breaches will translate into action!

While this article speaks more to large enterprises, there are some key takeaways for small to medium organisations:

* Forget the Fear, Uncertainty and Doubt (FUD) rhetoric OR cyber jargon and instead get boards to focus on the need for priority action and a measured response (plus a budget).
* Boards only need to understand if the company’s assets are well protected and which investments make effective impact on risk mitigation.

Last month the Australian Cyber Security Centre #ACSC published their annual Cyber Threat Report and at this busy time of year I finally had some time to digest it fully. Here are a few nuggets I found interesting.

* 76,000 cybercrimes reported to ACSC, up 13 per cent year over year, equating to one every 7 minutes! Only the tip of the iceberg as there is still an under-reporting problem.
* Australia’s prosperity is attractive to cybercriminals - we have the highest median wealth per adult in the world (Credit Suisse) and our #informationsecurity maturity is lagging other digitally advanced nations - according to the National Cyber Security Index (NCSI) were no.
* Ransomware remains the most destructive cybercrime, but only accounts for a tiny 0.59% portion of eCrime. Watch this space as tools like Ransomware-as-Service (RaaS) and criminal ecosystems continue to evolve - it just works against soft targets so don't be one!
* Most ransomware attacks rely on poor password/MFA hygiene, phishing emails to deliver malware / compromise credentials and a lack of staff awareness training. Ironically, the last one sort of takes care of the other two if followed through!
* A 25 per cent increase in the number of publicly reported software vulnerabilities (Common Vulnerabilities and Exposures – CVEs) worldwide - Makes sense that one of the #Essential8 controls is application patching, but are you doing vulnerability management in an automated manner?

ACSC Annual Cyber Threat Report, July 2021 to June 2022
