According to Mark Mantakoul, general manager of Allcom Networks, securing against cyber crimes needed to be among the business community’s top priorities, yet for many it was not even a consideration.
“In today’s digital age, every business in any industry is vulnerable as cyber-crimes like hacking steadily increase,” Mantakoul said.
“Internationally, we are seeing an increase in the level of sophistication in cyber-attacks, including cases where hackers have intercepted emails, manipulated invoices and redirected payments to their own accounts.
“And unfortunately, most companies take a reactive approach to security, usually only thinking about it after a cybercrime or data breach has occurred which could see them exposed financially and reputationally.
“The message is simple – If they don’t start to take preventive action, Australian businesses are putting themselves at risk.”
Mantakoul pointed to recent data from the Australian Small Business and Family Enterprise Ombudsman and the reports released by the Office of the need for action.
The ASBFEO reports that 44% of Australian businesses are not fully equipped to deal with data breaches, while the OAIC reports that since February last year they have received 812 notifications of data breaches occurring.
The OAIC report shows 57% of the cyber attacks on businesses were of malicious or criminal nature, versus, 37% that were human error and 6% system faults. Other OAIC statistics highlight just how simple it can be for fraudsters and thieves to steal and manipulate an individual’s or company’s information, with 85% of data breaches reported containing contact information, 45% containing financial information, 35% IDs and 22% including tax file numbers.
Mantakoul said in addition to the potential reputational and financial impact of a cyber attack, the recent amendments to the Privacy Act around notifiable data breaches should prompt businesses to think about the issue before it happens.
“Recent amendments to the Privacy Act include an increase in penalties and requirements around notifiable data breaches, which should see businesses introduce measures to not only protect personal information, but focus on those directly affected,” he said.
“Not only could ill-prepared businesses unwittingly release sensitive information but could also face irreparable brand reputation damage and financial penalties if they don’t comply with the mandatory data breach notification requirements.”
With the amendments to the Act, these penalties will increase from the current maximum penalty of $2.1 million for serious or repeated breaches to $10 million, or three times the value of any benefit obtained through the misuse of information, or 10 per cent of a company's annual domestic turnover.
“Today, every business sector is vulnerable as criminal hacking steadily increases – across all industries including financial, law, manufacturing, construction, marketing, IT, health and logistics,” Mantakoul said.
“Based on the data available, our recommendation for businesses is to improve the security of their systems and technologies, increase cyber security awareness throughout the organisation and be prepared to act immediately in the event an attack occurs.”