Last month’s charges against 13 Russians and three entities with interference in the 2016 US election reminds us just how astounding recent revelations from US intelligence agencies are: that the largest democracy has fallen prey to manipulation from a foreign nation.
And all without setting foot on US soil.
That the manipulation happened on a digital level, with propaganda campaigns and email hacking, speaks to the heart of where we are most vulnerable in today’s society — our almost complete dependence on technology — technology that, due to its complexity, is often flawed and sometimes hard to protect.
Cyber resilience, then, must be the top priority — and not just for government and the sovereignty of our nation, but for the industries and businesses that keep our economy ticking over.
Every business, no matter how large or small, needs to be on top of this.
However, as the recently released Canon Business Readiness Index conducted by GfK Australia found, only 40 per cent of Australian businesses have implemented six or more of the Australian Signals Directorate recommended eight strategies to mitigate cyber security incidents.
This figure dropped to 12 per cent when it came to small businesses.
For too long, security has been an afterthought.
Fortunately — and unfortunately — massive breaches such as those from credit reporting agency Equifax that saw personal details of 145 million people released, or the much-publicised hacking of Hillary Clinton’s emails during the 2016 US presidential campaign, have raised awareness among the public.
These incidents have personalised the impact of breaches and the potential cost to individuals and business. And the cost to business can be crippling. The cost of the breaches to Equifax has been $87.5 million to date.
Closer to home, a report by Webroot last year estimated the average cost of a cyber attack to an Australian business to be $1.9m.
That’s not a cost many can bear. It’s an expensive Achilles heel and prevention is clearly better than cure.
As of February 22, new Data Breach Notification laws have come into effect.
This is a positive step aimed not only at ensuring trust is maintained between businesses and the wider public but also that responsibility is taken to ensure cybersecurity becomes a critical component of government and business operations.