Surge in cyber criminals targeting customer and employee records, while Australia’s C-Suite drops fo

Surge in cyber criminals targeting customer and employee records, while Australia’s C-Suite drops fo

Latest research from business advisory firm BDO into the cyber security landscape in Australia and New Zealand reveals that cyber criminals targeting customer and employee records surged by a massive 70 per cent and 54 per cent respectively since 2021. In addition, attacks damaging brand and business reputation have risen by 40 per cent over the same period.

BDO’s National Cyber Security Leader Leon Fouche said gone are the days where cyber attacks caused a system outage and some form of ransom demand to get it back up and running. Now companies are faced with data breaches and ransom demands which are more costly due to the reputational impacts and regulatory fines.

“Today, we cannot see a cyber attack as a possibility, rather expect to be attacked and have a plan and infrastructure in place to protect yourself. The reputational risk far outweighs any ransom that may be paid, with many large organisations still recovering from attacks years after,” Mr Fouche said.

Mr Fouche said the new research highlights a decline in the C-suite’s focus on cyber governance despite the significant number of cyber attacks on Australian companies in 2022. He said BDO’s previous survey - which tracked cyber security sentiment throughout the peak of the pandemic - showed companies taking a top-down approach to cyber security, making years of digital progress within months, boards that were more cyber-engaged than ever before, and a record number of Chief Information Security Officers (CISOs) being appointed.

“Our data from this year’s report paints a different picture. Despite multiple cyber attacks on high profile companies in 2022, which resulted in widespread data breaches affecting millions of Australians and New Zealanders, we see a decline in senior leadership’s emphasis on cyber governance,” Mr Fouche said.

“Proactive C-suite involvement through governance and oversight of cyber systems and processes is essential to ensure companies are prepared,” he said.

Mr Fouche added that the report also showed a downturn in organisational confidence to respond to an incident. “Although we saw increased confidence from 2020 to 2021 to respond to an attack, this past year we saw a substantial drop in response confidence, down by 18 per cent. A lack of confidence will only hinder an organisation’s ability to effectively mitigate cyber risk and recover from the incident. It is crucial that companies address the underlying challenges that are getting in the way of their ability to respond and mitigate,” Mr Fouche said.

“Our latest data highlights another concerning trend - a 17 per cent increase in the number of organisations that experienced one or more cyber security incidents that had a detrimental impact to their operations, coupled with a 5 per cent year-on-year increase in the overall number of cyber attacks since 2021,” he said.

“The next 12 months will present formidable challenges in the digital world. We have traditional threats, like ransomware attacks, that will likely persist as evidenced by the last seven years of survey data, accompanied by an increase in crypto-mining malware and phishing. But on top of that, we have cyber criminals learning to automate their attacks using artificial intelligence (AI) and machine learning (ML), which will make attacks more complex, targeted and harder to defend against.”

Mr Fouche said the research reveals a need for Australia’s C-suite to put cyber resilience back at the top of the agenda. He said companies must prioritise investment in quality security infrastructure and proactive threat detection systems, and ensure they have comprehensive incident response plans that have been tested and rehearsed thoroughly. “Companies must remain vigilant and continually adapt their security strategies – these criminals are only getting smarter and they are not going away,” he said.

“Furthermore, as businesses continue to outsource products and services, it is more critical than ever to have a clear understanding of supply chain risk, that is where data is stored and ensure clear oversight of security implemented by third parties,” Mr Fouche said.

“With remote working arrangements here to stay and organisations attempting to reduce their on-premise infrastructure, it was pleasing to see that over 60 per cent of respondents reported having cloud security policies and standards in place. Increased investments in cloud security is a trend that has remained a consistent focus over the years, and we expect increased uptake in 2023 and beyond,” he said.

“This is no doubt a challenging period for business with economic pressures pushing down and squeezing budgets at a time when significant investment in cyber government is crucial to defend again cyber criminals who now have the advantage of automating their work. Being cyber resilient involves accepting this reality and putting a plan in place to respond. The key here is understanding the specific threats that pose the biggest risk to your organisation and adopting an attacker-focused mindset, while keeping a watchful eye over cyber trends and updating your cyber incident response plans and security detecting and monitoring infrastructure accordingly”.

Download the report

Read the story in The West Australian: WA miners less exposed to cyber attacks, given systems are not directly linked to the internet | The West Australian

Read the story in Accountants Daily: C-suites must refocus on security as cyber threats rise: BDO | Accountants Daily