21 Nov

Mitigating Cyber Risks

While Cyber Security Awareness Month has just finished, we must remain vigilant about cyber risks.

We are in the fourth industrial age and have been pushed faster than we expected into digitisation and remote working. Those conditions create even greater opportunities for cyber criminals.

During the 2021-22 financial year, one cybercrime was reported every seven minutes to the Australian Cyber Security Centre (ACSC) – and that number is growing exponentially. According to McKinsey, cybercrime will be a $10.5 trillion industry annually by 2025. To put that in context, only the GDPs of the USA and China are likely to be larger than the illegal cybercrime sector.

As part of the Cyber Security Awareness Month promotion, the ACSC offered four simple steps to boost cyber security:

  • Update your devices regularly
  • Turn on multi-factor authentication
  • Back up your important files, and
  • Use passphrases and password managers.

We think there are three more things that are also important to do.

Conduct an overarching review of your cyber culture

As most Boards understand, responsibility for cyber security can’t just sit with the Chief Security Officer or Chief Information Officer – it has to be embedded within an organisation’s culture.

The solution involves building a fortress that is galvanized by strong, interconnected, well-functioning teams. Teams who speak to each other, work together, share resources and support one another in the one shared purpose – to protect the assets and survival of the organisation.

Make no mistake, cybercrime is a digital war you are fighting, whether you want to be a combatant or not. Because cyber criminals operate in an unregulated space, it’s critical that organisations fight back by investing in fit and agile teams, policies, processes, capability uplift and clear accountabilities, including in areas such as AI, BYO devices and remote working practices.

Invest in the ‘soft’ skills of your technical team

While the strongest cyber cultures feature decentralised accountability, responsibility and capability, deep specialist knowledge is typically only held by a few people.

Often, these people have outstanding technical skills and if promoted are often still honing their ability to communicate, lead and influence. These ‘soft’, learnable skills are critical for any technical leader who needs to translate the criticality of the situation to secure funding and resources, to influence behaviours that minimise risk and to effectively manage a breach.

Protect the wellbeing of your frontline teams

In the war against cyber criminals, frontline teams are our elite soldiers. When a cyber breach occurs, in-house teams work around the clock for days on end to try to contain and rectify it. Sometimes, it can feel like there’s no end in sight and – given the extreme reputational risk exposures – no one else who can help.

We’ve seen team wellbeing crumble as the weeks wear on. We’ve also seen how supporting frontline teams with pre-planned wellbeing initiatives – such as effective job design, crisis management, healthy meal options, sleep plans, mental and physical health support, and recovery programs – can offer much needed relief and help frontline teams continue to perform at an elite level.

How can JOST&Co help? 

Cyber security is a known business priority with ever increasing risk.  To help organisations defend themselves from cyber criminals, our team can step in and diagnose cyber weaknesses at a cultural level. We also offer leadership development for technical teams and leaders, as well as wellbeing programs for frontline data breach response teams.