ASIC chairman Greg Medcraft warns cyber attacks are the next “black swan” events: How can SMEs prepare themselves?
Tuesday, March 21, 2017/
Australian Securities and Investment Commission chairman Greg Medcraft has warned businesses that a significant cyber attack could be the next “black swan” event.
Speaking at the 2017 ASIC annual forum, Medcraft voiced his opinions on the impact of cyber attacks, calling for further transparency and more reporting.
“What is frightening is the level of cyber attacks which go unreported, particularly denial of service attacks,” Medcraft told the forum, reports The Australian.
“It’s an enormous problem and there is not enough transparency around it.”
A black swan event is an unexpected occurrence or incident that has a major effect and is typically very difficult to predict. Despite conceding, “you’re not supposed to be able to predict one”, Medcraft maintained he could see one “on the horizon”.
“I do think that a cyber attack is the next black swan,” Medcraft said.
However, business IT expert and founder of Combo David Markus believes cyber attacks are not a black swan event for SMEs at all.
“For a small business it’s inevitable that you will be attacked. It’s not if you will be attacked, it’s when. It’s only a matter of time,” Markus told SmartCompany.
Markus believes SMEs don’t have the time or resources to properly invest in cyber security, believing “everything has a cost to it”.
“Small businesses still running their systems on their own sites can’t manage the systems well enough to make sure every section is impregnable,” he says.
“It’s a matter of filtering at every entry point for your data, from emails to web connections. While that’s possible it has a cost to it, and SMEs aren’t investing in those solutions.”
Ransomware and data security also an issue
The Australian reports Medcraft also discussed the prevalence and impact of ransomware attacks on businesses, saying it was easy for cyber criminals to get company’s details in order to send these attacks.
SMEs are commonly advised to educate staff on ransomware and its forms, but Markus believes that can be a big ask for many smaller operators.
“When you have frequent staff turnover you just don’t have time to keep training them on current threats,” he says.
Markus advises software solutions like spam filters and anti-virus software are better solutions for SME owners’ peace of mind.
Despite the government passing mandatory data breach notification laws in February, Medcraft still called for further reporting on cyber attacks.
He also discussed issues surrounding the use and storage of sensitive data, highlighting the risks of data being subject to cyber attacks.
“The growing use of technology to capture, store and analyse data increases the risks of that data being misused, and the systems used to capture and store the data being subject to cyber attacks,” Medcraft said.
Cloud storage and backups the solution
For small businesses storing their business’ data or customer data, Markus advises the best course of action is to look to pass on responsibility with to a larger company that stores data.
“The solution to most of this stuff sits with cloud computing. Put the responsibility in someone else’s hands and get it out of cold storage,” he says.
“If you’re using cloud-based technology the security stems from the security of your password and how regularly you change it.”
For all businesses wanting to safeguard themselves from potential cyber threats, Markus advises that regular backups can also save a lot of headaches.
“We have clients hit by ransomware every week, and our solution every time is to wipe the computer clean and restore from a backup,” he says.
“If you do nothing else backup your data frequently throughout the day. When everything’s gone, it’s your path to recovery.”