Typically, we associate doomsday scenarios with nuclear weapons or the Four Horsemen of the Apocalypse -- who could predict that they might in fact be digital?
It is impossible to escape that our world is now reliant on technology. No facet of our lives is left untouched. From something as simple as making a phone call to banking, education, healthcare and even the defence of our country – the WannaCry ransomware attacks have highlighted just how vulnerable our way of life has become. Technology has delivered us incredible advances, but also incredible vulnerabilities.
With over 300,000 people affected by WannaCry in more than 150 countries – just the most recent example of malware gone wild – this is not a wake-up call. We’ve been there, seen it and done it before – there is nothing left to wake up to. This is the reality of our technology-dependent society and it is telling that it has been predicted many times over, with little action taken.
Naturally, we have the benefit of hindsight – but as a society, we typically react after the fact rather than prepare.
One example is the crippling impact of WannaCry on Britain’s National Health Service (NHS), where cost-cutting measures led to the continued use of older, vulnerable, and unpatched versions of Windows.
And while the NHS is not to blame for being targeted, it does hold responsibility for not ensuring its systems were adequately up-to-date.
This is a lesson for all organisations – there is a duty of care to consider when procuring and maintaining ICT systems. While cost is an ever-present factor, issues of accountability, ethics and legal liability must also be considered whenever technology decisions are made. This is not a new revelation, it is an essential building block of the deployment of ICT systems.
Cybercrime is already the leading financial crime in Australia, with the average cost of an attack to an Australian business now reaching around $419,000, according to the Australia’s Digital Pulse 2017 report released last week by ACS.
If you or a colleague are accountable in your organisation for the security of your business-critical systems, ask yourself: Is this a cost the organisation can bear?
And yet despite continued news coverage of malware, ransomware, and cryptoware attacks, awareness among C-Suite executives remains low – only 6 per cent consider cybersecurity a critical issue, a statistic highlighted in the ACS report Cybersecurity: Threats, Challenges, Opportunities released last November.
The lesson is simple: when we sacrifice security on the altar of expedience or cost, we leave ourselves vulnerable to attacks that will increasingly have unforeseen consequences. This is an issue which is going to be compounded exponentially as we see the adoption of emerging technologies like the Internet of Things (IoT) -- in a world consisting of billions of devices all connected together through networks, the impact of malicious software could be catastrophic. This future might not come to pass if IoT devices were designed with security from the ground up, but to-date, many IoT solutions sacrifice security for functionality, or simply don’t consider it at all.
We can’t put the cat back in the bag, but we can start now to instil security-minded practices and reduce the potential of malicious software wreaking havoc with our business-critical systems – or worse, our nation’s infrastructure.
It is key for both Government and business to ensure attacks are reported and shared in order to allow other organisations to prepare and thus stem the flow should an outbreak occur.
But it’s not all gloom and doom.
Australia’s Digital Pulse 2017 report also highlights cybersecurity as one of several opportunities for Government to facilitate digitally-led growth and innovation. There’s also a role for business, with economic modelling suggesting a greater focus on cybersecurity by Australian business could increase investment by 5.5% and wages by 2%, as well as generating an extra 60,000 jobs by 2030.
It was also encouraging to see the recent Federal Budget include additional resourcing for Australian Federal Police cyber capabilities as well as funding for a Cyber Security Advisory Office, something the ACS Cyber Task Force has been calling for since 2011.