The risk of you falling victim to a cyber attack is about as likely as your odds of being attacked on the street, according to one Australia’s leading technologist.

The only thing is – you’re now in one of the most dangerous cities in the world.

“For most people, cyber security is a bit like your chances of getting mugged on your way to work in Sydney -- it happens but it’s unlikely to happen to you,” said President of the Australian Academy of Technology and Engineering, and former Chief Scientist at Tesltra, Dr Hugh Bradlow.

“But you’ve got to think of it not as living in Sydney but as living in Lagos, where you’d walk around with a bodyguard,” he said in reference to the Nigerian city, which the United States government last year listed as a ‘critical threat location.’

Bradlow spoke at a Canon Australia event in Sydney on Thursday to discuss the cyber security ‘battle’ businesses and individuals now face.

The mistakes

The discussion followed the release of Canon’s Business Readiness Index earlier this year, which found that technology is now regarded as the weakest link when it comes to information security.

In total, 44% of businesses listed technology as the greatest threat, ahead of people and policies.

In addition, half of small businesses described themselves as either ‘slightly’ or ‘not at all’ concerned about being breached.

Bradlow explained that the benefits technology provides to companies are now creating the greatest danger.

“That’s a fairly common problem -- people do something for convenience and then forget it’s actually connected to the internet.”

This was evident in the Business Index, which found that only 43% of respondents had their printer secured, opening another avenue for attackers.

Protecting yourself

Although vulnerability is at an all-time high, Bradlow assured the audience that there are plenty of ‘bodyguards’ to protect you.

He pointed to Australian Signals Directorate Essential Eight (ASD8), a cyber security mitigation strategy endorsed by the Department of Defence, as a framework to follow.

The ASD8 lists eight tactics for businesses to follow, including restricting admin privileges and daily back-ups, to ensure that if a breach happened, damage would be minimal.

Bradlow explained that some of these had to be viewed as non-negotiables.

“If you’re not updating and patching your software, if you’re not using two-factor authentication, if you’re not doing daily backups then you’re just plain being reckless.”

Despite this, Canon found that only 40% of Australian businesses had implemented six or more of the ASD8, while 12% of small businesses had not actioned any.

The ASD8 also calls for some stricter measures, like the whitelisting of certain applications.

However, Bradlow pointed out that a restrictive approach could backfire for certain companies.

“This means that you have very inflexible PCs or mobile devices, and all that does is encourage your employees to bring in their own devices -- and that presents another threat to your network.”

He urged businesses to be realistic about their security needs, saying major targets like banks cannot cut any corners, while smaller businesses can look for flexibility in their approach.