Category: Cyber Resilience

  • AI Cyber Risk

    Artificial Intelligence (AI) is transforming cybersecurity. While AI enhances efficiency, it also introduces new security challenges. According to Gartner, 40% of data breaches will stem from AI cyber risk by 2027, highlighting the need for stronger cyber resilience.

    AI cyber risk is not just a theoretical concern—it is already impacting businesses worldwide. From automated cyberattacks to AI-generated fraud, organizations must address these vulnerabilities before they become major security incidents.

    Understanding AI Cyber Risk in Cybersecurity

    The rapid advancement of AI introduces a new layer of cyber risk. Some of the most pressing AI cyber risks include:

    • AI-powered phishing – Cybercriminals use AI to craft highly personalized phishing emails that bypass traditional security filters.
    • Deepfake fraud – AI-generated deepfakes manipulate video and audio, making impersonation attacks more convincing.
    • AI-driven malware – Adaptive malware leverages AI to evolve, evade detection, and exploit system vulnerabilities.
    • Data manipulation – Attackers target AI models by injecting false data, leading to compromised decision-making and increased cyber risk.
    • Automated cyberattacks – AI enables large-scale, automated attacks that can overwhelm security systems within minutes.

    How RiskLogic Helps Mitigate AI Cyber Risk

    At RiskLogic, we help businesses strengthen their cybersecurity posture with AI-focused risk assessment services. Our AI cyber risk solutions include:

    • AI Cyber Risk Remediation Plans – Identifying and addressing vulnerabilities in AI-driven security systems.
    • AI Cyber Risk Control Assurances – Evaluating cybersecurity frameworks to ensure resilience against evolving threats.
    • AI Cyber Risk Strategic Playbooks – Developing structured plans to mitigate AI-related security challenges.
    • AI Cyber Risk Policies & Governance – Establishing compliance-ready security protocols for AI adoption.

    Find out more about our AI Cyber Risk Assessment services at RiskLogic.

    Why AI Cyber Risk Requires Executive Attention

    AI cyber risk is no longer just an IT issue—it requires leadership oversight. RiskLogic provides board and executive training to help decision-makers:

    • Recognize AI-related vulnerabilities and attack vectors.
    • Implement governance frameworks to address emerging cyber risks.
    • Navigate compliance and regulatory requirements for AI security.
    • Strengthen organizational resilience against AI-driven attacks.

    Best Practices for Managing AI Cyber Risk

    1. Conduct AI Cyber Risk Assessments

    Regularly evaluate security threats associated with AI models and applications.

    2. Establish AI Cyber Risk Governance

    Develop clear policies and procedures for secure AI adoption while ensuring regulatory compliance.

    3. Monitor AI Cyber Risk Threats

    Use AI-driven security tools to detect and mitigate cyber risks in real time, preventing attacks before they escalate.

    4. Train Employees on AI Cyber Risk Awareness

    Educate staff on AI-driven threats, including deepfake scams, AI-enhanced phishing attacks, and automated cybercrime techniques.

    5. Secure AI Training Data

    Protect AI models from data poisoning attacks by implementing robust validation and security measures to prevent system corruption.

    6. Partner with AI Cyber Risk Experts

    Work with trusted professionals like RiskLogic to enhance AI security strategies, mitigating risks and improving cybersecurity resilience.

    Why Businesses Must Act on AI Cyber Risk Now

    The AI cyber risk landscape is evolving rapidly. Businesses that fail to address AI-driven threats today could face reputational damage, financial losses, and regulatory penalties.

    With AI-based risks becoming more complex, organizations must take a proactive approach. Implementing strong security frameworks, governance strategies, and AI risk assessments will enable businesses to stay ahead of emerging threats.

    AI cyber risk is both a challenge and an opportunity. The key is ensuring your organization is prepared to handle evolving risks effectively.

    Stay ahead of AI-driven cyber threats. Let’s talk about how RiskLogic can help you develop a resilient AI cybersecurity strategy.

  • Navigating CPS 230

    Navigating CPS 230: How Risklogic Empowers Organisations on Their Compliance Journey

    As the CPS 230 Operational Risk Management standard takes effect, organisations regulated by APRA (Australian Prudential Regulation Authority) are facing a significant transformation in how they manage and mitigate operational risks. The new requirements, which were finalised in July 2023 and come into effect on 1 July 2025, present both a challenge and an opportunity for organisations to strengthen their operational resilience.

    At Risklogic, we’re working closely with organisations to guide them through the journey of aligning with CPS 230. While the deadline is fast approaching, it’s not too late to take decisive action. Here’s how Risklogic is supporting businesses to meet these requirements with confidence.

    What is CPS 230?

    CPS 230 is APRA’s new cross-industry prudential standard designed to ensure regulated entities manage operational risk, business continuity, and third-party arrangements effectively. Key requirements include:

    • Operational Risk Management: Establishing robust frameworks to identify, manage, and mitigate risks.
    • Business Continuity Planning: Ensuring organisations can maintain critical operations during disruptions.
    • Third-Party Risk Management: Implementing strict controls to manage risks associated with outsourcing and third-party arrangements.

    The standard applies to all APRA-regulated entities, including banks, insurers, and superannuation funds.

    The CPS 230 Compliance Timeline

    The final standard was issued in July 2023, giving organisations a two-year lead time to implement the required changes. The clock is ticking, with compliance mandatory from 1 July 2025. While many organisations have started this journey, some are still in the early stages, and time is running out to ensure readiness.

    How Risklogic is Helping Organisations Navigate CPS 230

    Here’s how we’re making a difference for our clients to achieve compliance:

    1. Gap Assessments and Roadmaps

    We begin by assessing where your organisation stands today against CPS 230 requirements. This includes:

    • Identifying gaps in existing operational risk management, continuity planning, and material service provider frameworks.
    • Developing a clear, actionable roadmap to bridge these gaps before the compliance deadline.

    Our experts ensure you know exactly what needs to be done and when.

    2. Strengthening Operational Risk Frameworks

    CPS 230 demands a comprehensive approach to operational risk. Risklogic assists in:

    • Designing and/or uplifting tailored risk management frameworks to align with prudential standard requirements.
    • Establishing monitoring and reporting mechanisms to track risks and ensure continuous improvement.

    We ensure your frameworks not only meet regulatory expectations but also enhance overall resilience.

    3. Enhancing Business Continuity Plans

    The standard emphasises the importance of continuity of critical operations. Risklogic provides support by:

    • Conducting business impact analysis to identify and document critical operations and related sub-processes.
    • Developing and testing business continuity plans tailored to severe but plausible scenarios.
    • Ensuring preparedness for quick and effective recovery from disruptions.

    With Risklogic, your business continuity planning becomes a competitive advantage.

    4. Management of Material Service Providers

    Third-party arrangements are a key focus of CPS 230, requiring robust due diligence and monitoring. Risklogic helps by:

    • Reviewing existing supplier and service provider frameworks and arrangements.
    • Enhancing current frameworks to align with regulatory requirements.
    • Establishing ongoing monitoring processes to ensure compliance and performance.

    We empower organisations to confidently manage their third-party dependencies.

    5. Training and Engagement

    Cultural alignment is crucial for CPS 230 compliance. Risklogic provides:

    • Training programs for staff at all levels to build awareness and understanding of CPS 230 requirements.
    • Workshops for leadership teams to embed operational risk management into organisational strategy.

    We help create a culture where compliance becomes second nature.

    It’s Not Too Late to Act

    While the CPS 230 compliance deadline is looming, there is still time to act. Risklogic’s proven methodology and expert guidance ensure your organisation can meet the deadline with confidence and avoid the risks of non-compliance.

    The journey to compliance isn’t just about meeting regulatory requirements—it’s about strengthening your organisation’s resilience and protecting your stakeholders.

    Ready to Get Started?

    At Risklogic, we’re here to support your CPS 230 journey, no matter where you are in the process. Contact us today to learn how we can help your organisation navigate these changes and emerge stronger, more compliant, and more resilient.

    📞 Contact Risklogic to begin your compliance journey today.

    © 2024 Risklogic. All rights reserved.

  • Leading the Charge in Cyber Resilience: How Risklogic Empowers Organisations

    Why Cyber Resilience Matters

    In today’s interconnected world, cyber security is more critical than ever. From small businesses to large enterprises, organisations face an increasingly complex landscape of threats. Cyber resilience isn’t just about having the right tools; it’s about embedding strong governance, preparedness, and culture throughout every layer of the organisation.

    How Risklogic Empowers Organisations

    1. Strengthening Governance and Leadership

    Effective cyber resilience starts with strong leadership. Boards and senior management must treat cyber security as a strategic issue, not just a technical one. Risklogic works with leadership teams to:

    • Define clear roles and responsibilities.
    • Develop comprehensive, long-term cyber strategies.
    • Prepare for incidents with scenario testing and tailored incident response plans.

    We ensure your organisation is ready for the challenges ahead.

    2. Tailored Support for SMEs and NFPs

    Small and medium-sized enterprises (SMEs) and not-for-profit organisations (NFPs) often face resource constraints. Risklogic offers cost-effective, practical solutions, including:

    • Staff training on cyber hygiene and phishing awareness.
    • Managing access controls for critical systems and data.
    • Regular updates on emerging cyber threats.

    Our support helps smaller organisations achieve resilience without unnecessary complexity.

    3. Being Prepared for the Inevitable

    Cyber incidents are a question of “when,” not “if.” Risklogic helps organisations prepare by:

    • Running scenario-based exercises to refine incident response plans.
    • Designing communication strategies to keep stakeholders informed.
    • Addressing regulatory obligations with confidence and clarity.

    Preparation ensures organisations recover faster while protecting their reputation and stakeholders.

    4. Embedding a Culture of Cyber Resilience

    The best defence against cyber threats is a culture where everyone is accountable. Risklogic helps organisations embed resilience by:

    • Conducting engaging training sessions and phishing simulations.
    • Building accountability at all levels, from the boardroom to frontline employees.
    • Incentivising strong cyber practices to foster ongoing vigilance.

    A resilient culture reduces human error and strengthens your overall defences.

    5. Expert Guidance Through Recovery

    When an incident occurs, quick and decisive action is critical. Risklogic guides organisations through recovery with:

    • Crisis support to assist management with decision-making.
    • Regulatory compliance to meet obligations.
    • Post-incident reviews to identify lessons and implement improvements.

    We help organisations recover and emerge stronger, ready for future challenges.

    Why Choose Risklogic?

    Cyber resilience requires expertise, foresight, and a tailored approach. Risklogic partners with organisations across industries to build bespoke strategies that align with their goals and needs. Whether you’re preparing for the future or navigating a current challenge, we’re here to help.

    📞 Contact us today to learn how Risklogic can safeguard your organisation’s future. Together, we’ll build resilience that lasts.

     

  • How Efficient Cyber Resilience Strategies Protect Your Business

    In the modern digital realm, cyber resilience has become a crucial tool for the growth of any organisation. It is more than a buzzword: it is a core part of the blueprint for organisations in every sector, irrespective of size.

    Cyber resilience is the capacity of an organisation to adequately prepare for, respond to, and recover from cyber threats. The aim is to cause as little disruption to operations as possible. Efficient cyber resilience involves an anticipatory approach to potential threats, lowering their overall impacts, and reinforcing an environment that can weather the storm of a cyber breach and still stand tall.

    How, though, do effective cyber resilience strategies protect your business? The answer is multifaceted, blending risk management, cybersecurity principles, and business continuity.

    Below is a breakdown of an efficient cyber resilience plan:


    1. Anticipating Threats

    The first line of defence in any cyber resilience strategy involves the proactive identification and prediction of potential threats. By leveraging intelligence-led insights and data analytics, organisations can stay one step ahead of cyber malefactors, safeguarding against everything from cybercriminals to internal threats.

    The art of anticipation centres on the ability to recognise patterns and extrapolate potential future scenarios. This allows organisations to anticipate and effectively plan for an array of cyber attacks. Whether it’s phishing, ransomware, data breaches or insider threats, an efficient cyber resilience strategy prepares you for them all.

    It’s also essential to realise that cyber threats aren’t solely external. Insider threats, whether intentional or accidental, account for a significant portion of cyber incidents. Threat intelligence can help in identifying and anticipating unusual employee behaviour that might indicate a potential misuse of access privileges.

    Therefore, equipping your staff with the right kind of knowledge is extremely important. Regular training and awareness programs build a culture of vigilance, preparing your team to identify and respond to threats swiftly, thus mitigating any potential harm.

    Being proactive rather than reactive in threat anticipation could be the defining factor between minimal damage and catastrophic loss. With robust cyber resilience strategies, your organisation is not only prepared for the threats of today, but also for the evolving challenges of tomorrow.

     

    2. Implementing Robust Security Measures

    The backbone of cyber resilience is a robust cybersecurity framework. This includes the use of high-tech firewalls, encryption that fortifies sensitive data, multi-factor authentication methods, and routine patching and updates.

    A well-rounded and robust security framework goes a long way in fending off common cyber threats. Reliable firewalls function as the first line of defence, filtering out suspicious or harmful incoming traffic, while state-of-the-art encryption tools help safeguard sensitive data, both at rest and in transit.

    The role of multi-factor authentication in providing an additional layer of security is vital in a resilient cybersecurity framework. By requiring more than one method of verifying a user’s identity, it greatly reduces the risk of unauthorised access.

    Yet, even the most advanced systems are only as secure as their latest update. Regular patch management ensures your software is secured against known vulnerabilities, while constant updates keep your systems compatible and optimally functioning in a rapidly evolving digital ecosystem.

    Having these tools and technologies available to your organisation is invaluable against threats that may have never been encountered before. As these threats are dealt with, they can be added to your resilience plans and anticipated more accurately in the future.

     

    3. Training and Awareness

    Perhaps the most effective tool against cyber threats is your people. A single ill-judged click on a malicious link can spell disaster, cascading into a myriad of unexpected cyber threat events. It is the responsibility of each individual to understand and abide by the principles of cyber safety. Regular training and routine awareness programs can equip your personnel to detect threats and prevent breaches.

    The aim isn’t just to develop technical acumen but also to foster a culture of cyber vigilance that is ingrained in your day-to-day operations.

    Training programs should not be designed as a one-size-fits-all model. Instead, they should be stratified according to different roles within the organisation. Frontline staff may require training that emphasises recognising and responding to phishing attempts, while management-level personnel might benefit from sessions focusing on recognising breaches of best practices tied to the use of customer data.

    In addition, establishing clear communication channels for reporting potential threats is vital. Quick action in response to a well-informed warning can save an organisation from serious damage or downtime.

    Cyber resilience isn’t simply about implementing technology but developing a proactive and knowledgeable workforce. With a well-trained and cyber-aware team, you can seriously strengthen your defence against cyber threats and fortify your business’s resilience, irrespective of the digital landscape’s dynamic nature.

     

    4. Developing a Response Plan

    No system, irrespective of the technology used, is impervious to breaches. Proper cyber resilience strategies are aware of this fact and include incident response plans in their framework. These plans are essentially blueprints that clearly define the course of action when facing a cyber-attack, reducing the response and recovery period.

    In the unfortunate event of a breach, time becomes your most precious, yet fleeting, asset. Every second can make a difference between minor disruptions and major losses. Here’s where a thoroughly developed response plan comes into play. Detailed and planned in advance, these contingency mechanisms can help you spring into action without delay, saving precious time, and reducing the ramifications of the breach.

    A sound incident response plan should map out clear responsibilities and escalation paths, ensuring no confusion arises during crisis scenarios. It ideally includes clear protocols for identifying and isolating the compromised component of the system, notifying the relevant authorities and stakeholders, and addressing legal or PR concerns.

     

    5. Regular Testing and Review

    Cyber threats are not a static enemy but instead evolve rapidly, becoming ever more sophisticated.

    At the heart of cyber resilience lies an important principle – the constancy of change. As cyber threats continue to evolve and make use of increasingly sophisticated tactics, an effective cyber resilience strategy demands constant adaptation. This requires a cycle of frequent testing and reviews, allowing organisations to identify potential weak spots and make timely improvements.

    Periodic audits of your cybersecurity infrastructure and practices, checking for outdated software, flawed configurations, and vulnerabilities yet to be patched, are all necessary in an evolving cyber landscape. It’s also important to keep asking the question: are there emerging tactics or types of attacks that your current strategy may not be adequately equipped to deal with? Routine assessments help identify these, ensuring you’re not caught off guard.

    Beyond technology, regular reviews should also extend to training and awareness initiatives. Are the existing programs effectively engaging employees? Are there ways to improve their reach or effectiveness? Such assessments can help keep awareness programs relevant and impactful.

     


     

    RiskLogic distinguishes itself as a leader in providing cyber resilience solutions that are tailored, comprehensive, and potent enough to safeguard organisations amidst the rapidly transforming digital environment. Our cyber resilience solutions are specifically crafted to empower organisations to withstand cyber threats and swiftly rebound from attacks, thereby protecting critical operations, preserving reputation, and safeguarding the financial health of your organisation.

    If an organisation is to flourish amidst an ever-evolving digital environment, robust cyber resilience quickly transforms from a mere option to a non-negotiable instrument in the arsenal, safeguarding organisational priorities and assets.

     

    Contact RiskLogic to explore Cyber Resilience Management solutions


  • The Rapid Evolution of Cyber Resilience in a Modern Business Landscape

    Within a digitally powered landscape, the labyrinth of cyber threats grows more potent and pervasive by the second for organisations. The evolving focus on cyber resilience management is meant to protect businesses from the potentially devastating consequences of cybercrime.

    Cyber resilience is a rapidly evolving factor of organisational resilience that advocates for the capability to bounce back from cyber incidents swiftly and efficiently. It emphasises building an organisation’s ability to continue operations even during a breach while working towards full recovery. This resilience involves a detailed plan to respond to incidents, mitigate their impact, and restore normal operations as quickly as possible.


    Threats Faced by Modern Organisations

    Earlier, standard security protocols were deemed sufficient, but an evolution in threats necessitates dynamic, end-to-end responses.

    These threats range from internal data breaches, malware attacks, phishing, and ransomware, to state-sponsored cybercrime and Advanced Persistent Threats. They wreak havoc not just by disrupting operations, but by stealing valuable intellectual property and sensitive data, damaging brand image, and eroding customer trust.

    These threats are described in more detail below:

    • Internal Data Breaches: Often overlooked, internal data breaches – intentional or unintentional – can be as devastating as external attacks. These breaches could result from internal negligence, misconduct, or from a lack of adequate security measures and protocols.
    • Malware Attacks: One of the most common cyber threats, malware refers to any malicious software used by cybercriminals to disrupt operations, gather sensitive information, or gain access to private networks. Variants include viruses, worms, spyware, and ransomware.
    • Phishing Attempts: These attacks usually take the form of deceptive emails, text messages or websites that trick individuals into revealing sensitive information like passwords or credit card numbers. Sophisticated phishing techniques can even make convincing replicas of legitimate websites or emails from trusted sources.
    • Ransomware: A potent form of malware, ransomware attacks encrypt a victim’s files, with the attackers demanding a ransom in return for the decryption key. Without compensation, the encrypted data is lost permanently.
    • State-Sponsored Cybercrime: This involves cyberattacks initiated by a state or a state-sponsored group, often targeting critical infrastructure, economic assets, or government organisations of another nation.
    • Advanced Persistent Threats (APTs): These are complex, stealthy, and prolonged threats usually driven by an intent of espionage or sabotage. Here, the attacker gains access to a network and stays undetected for an extended period.

    All these developing threats call for a robust and dynamic approach to cyber resilience: shifting from a defensive model focused solely on protection to a more comprehensive and adaptive model that includes detection, response, recovery, and learning from cyber incidents.

     

    What Cyber Resilience Involves

    Under cyber resilience management, businesses prioritise the preservation of their critical functions through efficient incident response plans and robust data backup strategies, ensuring minimum disruption when a threat materialises.

    Cyber resilience involves a multi-layered, strategic approach which encapsulates various elements:

     

    • Threat Intelligence: Identifying potential threats and monitoring the cyber landscape is a fundamental step towards cyber resilience. Cyber threat intelligence helps in proactive detection, mitigation, and prevention of breaches, making organisations better prepared for potential attacks.
    • Incident Response Plans: It is critical to have an effective incident response plan detailing the steps to be taken in the event of a cyber-attack. This plan should cover identification of the threat, containment of the breach, removal of the threat, and recovery of systems and data to bring operations back to a baseline of normalcy.
    • Regular Data Backup: A robust and consistent data backup strategy is a crucial part of resilience. Regular backups ensure that an organisation can quickly recover and restore its normal functions after a cyber-attack – particularly in cases of ransomware attacks. Sensitive information should be stored in secure, off-site locations, and data integrity should be routinely checked.
    • Advanced Technologies: Incorporating advanced technologies can bolster an organisation’s resilience. These technologies can automate security systems, detect potential threats, mitigate breaches, and enhance response times.
    • Awareness and Training: Educating employees on cybersecurity best practices reduces the risk of internal breaches and helps in the early detection of external threats. Regular training sessions can keep the workforce updated on the evolving threat landscape and mould a culture of cyber awareness.
    • Vulnerability Management: Regularly scanning networks and systems for vulnerabilities and promptly patching them is another key aspect of cyber resilience. Untreated vulnerabilities can serve as entry points for attackers.
    • Compliance and Regulation: Compliance with data protection and cybersecurity regulations adds an extra layer of protection. Besides avoiding financial penalties, compliance ensures that necessary security standards are maintained.
    • Collaboration: This involves partnering with external cyber resilience experts who can provide professional advice and expertise, monitor threats, and assist in incident response.
    • Recovery Strategies: After addressing the threat, attention needs to shift towards restoring operations, assessing damage, and implementing measures to prevent future attacks. Post-incident analysis can provide valuable insights to strengthen the cyber resilience strategy.

     

    Impact of Remote Work & Cloud Technologies

    The push towards remote working has accelerated the importance of cyber resilience within organisations, not only to shield the digital systems but also to ensure continuity in crisis.

    This shift to remote working has vastly broadened the attack surface for cybercriminals as individuals access organisational networks and sensitive data from various locations and devices, often from less secure home networks. This has increased the risk of data leaks, phishing attacks, and malware infections.

    Similarly, the rise of cloud technologies brings about its own set of challenges, such as misconfigured cloud storage, insecure interfaces and APIs, and the shared security model. The virtual nature of the cloud also creates vulnerabilities that can be exploited if not properly managed and secured.

    Organisations now face the daunting task of ensuring every endpoint – be it a laptop, smartphone, or tablet – complies with the necessary data security protocols. Education also becomes critical to defend against phishing and social engineering attacks. Regulations regarding the handling of sensitive data outside of the office environment must be stringently outlined and enforced.

    The migration to cloud-based technologies also comes with an inherent set of risks that must be mitigated with comprehensive cyber resilience. Misconfigurations in the cloud can expose sensitive data and render systems vulnerable. It is the responsibility of the organisation to secure whatever they put in the cloud, including applications and data.

    Moreover, measures around data backup and recovery become paramount in a cloud environment, as data loss could result from both system failures and cyberattacks. Hence, having a sophisticated disaster recovery plan becomes crucial to restoring normal operations with minimal downtime after an incident.

    Finally, visibility and control over the cloud environment, while keeping pace with changing compliance requirements, need continuous monitoring and updates. Tools that provide insights into cloud operations and enable real-time response to potential threats are necessary to maintain effective cyber resilience.

    While the leaps toward remote working and cloud technologies bring unprecedented advantages in terms of efficiency and scalability, they also heighten the need for a strong cyber resilience strategy. This requires coordinated efforts across every facet of the organisation, coupled with advanced, adaptive technologies that ensure data integrity, privacy, and continued operations under all circumstances. As the landscape evolves, reaffirming the commitment to reliable and resilient cyber protection will be key to organisational success in the digitally connected future.

     

    Consequences of Cyber-Attacks

    High-profile breaches have resulted in significant financial losses, reputational damage, and even organisational closures. These incidents serve as critical reminders of the indispensability of cyber resilience management.

    The following are a handful of possible consequences facing organisations as a result of poor cyber resilience in the face of a cyber-attack:

     

    • Financial Losses: A cyberattack can impose severe financial consequences upon an organisation. These may stem from; costs associated with resolving the immediate impact of the attack, operational downtime, fines imposed due to non-compliance with data protection regulation, or loss of revenue due to customer doubts and attrition.

     

    • Reputational Damage: Cyber breaches can provoke massive reputational harm to an organisation. In a digitally driven world, news of data breaches spreads quickly, causing customers, investors, and stakeholders to lose trust in the business. This loss of confidence can be catastrophic, often leading to a loss in market share or stock value, making recovery a monumental task. A recent example of this was the Optus data breach back in 2022.

     

    • Customer Churn: Following a cyber breach, customers are likely to feel their data is not secure and might choose to take their business elsewhere. This loss of customers not only affects immediate revenue but also long-term customer loyalty and potential future earnings.

     

    • Intellectual Property Theft: Cyberattacks often target and steal an organisation’s intellectual property, which includes anything from trade secrets to proprietary technology. This stolen information can end up in the hands of competitors or be put up for sale on the dark web.

     

    • Legal Consequences: Depending on the severity of a breach and the nature of the exposed data, an organisation may face legal actions resulting in hefty fines, lawsuits, or regulatory penalties. For example, breaches involving personally identifiable information (PII) can lead to lawsuits claiming negligence.

     

    Cyber resilience is not just an IT concern, but a business-wide imperative, with every employee playing their role in safeguarding the organisation against potential cyber threats.

     

    Fostering a Resilient Culture

    Organisations are recognising the importance of fostering a resilient culture among employees. The shift towards robust education, routine simulations, and reinforcement of safe cyber practices has cultivated an improved resilience posture across many businesses.

    Creating a culture of cyber resilience goes beyond the IT department; it’s about instilling awareness and responsibility at every level of the organisation. As mentioned before, every individual plays a crucial role in protecting the organisation against cyber threats. Here are some ways companies are working on fostering such a culture:

     

    • Cyber Resilience Education: It is imperative to keep employees informed and updated about the evolving cyber landscape. Regular training programs, workshops, and online training focusing on various cyber threats, potential vulnerabilities, and risk management techniques are becoming a norm in many organisations. Such training not only makes individuals aware of their role in maintaining cyber resilience but also emphasises the importance of vigilance and prompt action.

     

    • Real-Time Simulations: Simulated cyber-attacks offer a practical and effective way to evaluate the organisation’s response mechanisms and gauge readiness.

     

    • Safe Cyber Practices: Policies and guidelines regarding safe cyber practices need to be implemented and consistently enforced. These could include rules for password management, use of company devices and networks, handling sensitive data, and more.

     

    • Incident Reporting: Implementing simplified and transparent processes for reporting and responding to cyber incidents ensures immediate action and reduces the likelihood of issues escalating.

     

    • Learning from Incidents: When cyber incidents occur, they can offer valuable insights. Organisations are analysing these incidents, learning from the loopholes exploited, and taking corrective actions to improve their resilience against future breaches.

     

    • Rewarding Responsible Behaviour: Incentivising individuals for responsible behaviour can further encourage engagement in cyber resilience. This could come in many forms, such as recognising individuals who report potential threats or successfully thwart attacks.

     

    Fostering a resilient culture is not merely a necessity but a strategic imperative for businesses. It strengthens the human firewall, mitigates risks, and enables organisations to swiftly bounce back and thrive even in the face of adversity.

     


     

    The Ever-Increasing Need for Cyber Resilience

    The reality of the digital age is that cyber threats are inevitable. Despite the best efforts of organisations to avoid breaches, it’s only a matter of when, not if, they will experience a cyber-event. Cyber resilience comes into play by acknowledging this reality and preparing organisations not just to prevent, but to effectively respond, recover, and learn from these events.

    The financial implications of cyber incidents are another driving force behind the growing necessity for cyber resilience. With the global cost of cybercrime projected to reach $10.5 trillion annually by 2025, the financial stakes have never been higher. Beyond the immediate costs of response and recovery, businesses also grapple with regulatory fines, potential litigation, reparations and the long-term effects on business valuation due to data breaches.

    Moreover, regulatory bodies around the world are increasingly recognising the importance of cyber resilience. Compliance with burgeoning regulations can be immensely complex, but a well-executed cyber resilience strategy can enable organisations to meet these regulatory obligations more efficiently.

    With the cyber landscape constantly changing, new threats emerging, and existing ones evolving, building cyber resilience allows organisations to stay a step ahead of these challenges. It is not a destination but a journey that demands continuous learning, adaptation, and improvement.

     


  • Clearing the Fog: Identifying Misconceptions About Cyber Resilience

    Clearing the Fog: Identifying Misconceptions About Cyber Resilience

    Cyber resilience is rapidly becoming a crucial aspect of the modern digital landscape. Yet, due to its complexity, there are various misconceptions that create a fog of misunderstanding around it.

    Effective cyber resilience management involves the ability to anticipate, prepare, respond, and adapt to cyber threats while protecting business operations.


    Myth 1: Cybersecurity and Cyber Resilience are the same

    It’s an all-too-common misconception that cybersecurity and cyber resilience are identical concepts. While they might appear to tread the same ground at first glance, there are significant differences that distinguish them from each other.

    Certainly, both cybersecurity and cyber resilience are aimed towards the same goal – the security and integrity of your digital systems. They are both crucial countermeasures in the world of rising cyber threats, where the digital assets of businesses have become targets for hackers and malicious actors. Nonetheless, the differences in approach and focus between the two are what set them apart.

    Cybersecurity, on the one hand, primarily focuses on prevention. It includes the technologies, procedures, and measures implemented to fend off cyber threats. It ensures that robust protocols are in place to prevent unauthorised access, use, disclosure, disruption, modification, or destruction of information. Some strategies under cybersecurity include the use of firewalls, antivirus software, and secure passwords. Cybersecurity encapsulates the realm of making systems impermeable to breaches and maintaining the confidentiality of valuable information.

    On the flip side, cyber resilience concentrates more on management, response, and recovery. It not only recognises the importance of protective measures but also acknowledges the reality that no system is completely foolproof. Cyber resilience, therefore, advocates for the capability to bounce back from cyber incidents swiftly and efficiently. It emphasises building the business’s ability to continue operations even during a breach while working towards full recovery. This resilience involves a detailed plan to respond to incidents, mitigating their impact, and restoring normal operations as quickly as possible.

    While both cybersecurity and cyber resilience work hand in hand to shield businesses from cyber threats, they have different roles within the bigger picture of online protection. Cybersecurity aims at denying entry to threats at the doors, while cyber resilience plans for the scenario when these threats bypass the prevention measures and get inside. Hence, they are most definitely not the same but two sides of the same coin.

     

    Myth 2: Investing in Advanced Technologies is Enough

    Investing in the most advanced technology is a great step for businesses to fortify their systems against cyber threats, but it is not the one-stop-shop many believe it to be. The belief that advanced technologies are the be-all and end-all to achieving cyber resilience is a dangerous myth that can leave enterprises vulnerable to breaches, losses, and cyber-attacks.

    The biggest reason behind this false belief is a fundamental misunderstanding of what cyber resilience truly means. Yes, advanced tools are a crucial element in the management of cyber resilience. Indeed, security software, robust encryption protocols, next-generation firewalls, anti-virus systems, and many other high-tech solutions provide an added layer of protection against many cyber threats.

    However, these advanced technologies are not standalone solutions. They form the first line of defence and can help shield and limit the reach of would-be attackers, but they cannot singly guarantee genuine cyber resilience. Cyber resilience is not just about preventing a cyber-attack; it’s about how your business can still function effectively and bounce back swiftly should an attack successfully penetrate these initial lines of defence.

    An overall resilient strategy is multi-faceted and takes a 360-degree perspective on cyber protection. The ability to quickly restore and recover your systems after an incident is paramount to maintaining business continuity. Without a plan for recovery, businesses could face extended downtime, which can lead to significant financial losses and reputational damage.

    Another critical aspect often overlooked is data backup. Regular data backups ensure that even if there’s a successful cyber-attack that leads to data loss, the stolen or damaged data can be recovered from backed up sources. Therefore, a resilient business should have well-established backup facilities in place.

    Moreover, investing in incident response planning is a non-negotiable part of building a cyber-resilient business. It’s not enough to have preventative measures; organisations need to plan for a potential breach and have procedures in place to contain, mitigate and deal with such a situation. This includes timely communication strategies, roles and responsibilities allocation, and contingency plans.

    Finally, cyber resilience heavily involves the human factor. This means the regular training of personnel to recognise threats, respond appropriately, and be aware of their role in maintaining cyber hygiene. No advanced system can replace the value of a well-trained team that can recognise and respond to threats swiftly.

     

    Myth 3: Cyber Resilience is for IT Departments Only

    There is a prevalent belief that only the IT professionals of a company need to focus on cyber resilience. However, this is far from the reality. In actuality, cyber resilience is a broad umbrella term encompassing the entire organisation and is not just the responsibility of the IT sector within a company.

    At first glance, it might seem rational to leave these things in the hands of IT professionals. After all, they are the ones technically equipped to handle these issues. However, this narrow view misses the broader context in which cyber resilience operates. Cyber resilience is not just about having the right technological defences in place or having the ability to respond to and recover from a cyberattack – it extends much further into the fabric of an organisation.

    Cyber resilience indeed involves technical aspects – it’s about data protection, network security, response to breaches and recovery. But it also includes elements of human behaviour, culture, and business process. It taps into the organisational resilience capabilities, ensuring that functions critical to the company’s survival are prepared for and can withstand any potential cyber threats.

    Every aspect of an organisation potentially interacts with its digital systems. From the management that forms the strategies and policies – to the non-IT staff who work with the data, everyone has a role. Each employee, regardless of their department, has access to a certain level of organisational data and systems. In fact, a majority of successful cyber-attacks can be traced back to human errors – such as an accidental click on a phishing link, or an unknowingly used weak password. These may appear minor but can lead to devastating consequences if cybercriminals manage to exploit them.

    This is why it’s crucial to maintain a culture of vigilance across all levels within an organisation. Every employee becomes a critical player in maintaining the resilience of information and systems. They need to stay informed about basic cyber hygiene practices such as secure password management, recognising phishing attempts, and safe handling of sensitive data. Companies should provide regular training to everyone, not just IT personnel, to identify potential cyber threats and to respond appropriately.

     

    Myth 4: Small Businesses Don’t Need to Worry About Cyber Resilience

    There’s a pervasive myth floating around in the business community, particularly among small business owners, that they are somehow immune to cyber threats or that their size makes them unappealing to cybercriminals. This line of thinking isn’t just wrong; it’s dangerously misleading, leading many to undervalue the necessity and role of cyber resilience.

    However, the predatory nature of cybercrime doesn’t discriminate. If anything, smaller businesses can prove to be easier targets for cybercriminals as they are likely to have less robust security infrastructure. Cybercriminals are opportunists who target low-hanging fruit, and any weak link in the security chain can be exploited.

    Indeed, small businesses may not possess the wealth of larger enterprises, but they still house valuable data, such as personal customer or client information, payment details, and operational specifics, which can all be leveraged for various nefarious activities. Cyber attackers can also use compromised small business networks as a launchpad for attacks on larger, more lucrative targets, making the security of all businesses interconnected.

    Cyber resilience, thus, is absolutely essential for small businesses. It is not merely applicable to larger corporations, nor is it a luxury or an afterthought. In fact, given their unique vulnerabilities and often fewer resources to recover from a major attack, cyber resilience could arguably be more vital for small businesses.

    In today’s digital age where connectivity increases vulnerability, cyber resilience should be a top priority for all businesses, regardless of their size. Dismissing it as irrelevant is a dangerous misconception that exposes the business to unnecessary risk. For small businesses hoping to grow and safeguard their hard-earned progress, it’s a vital investment.

     

    Myth 5: Cyber Resilience Starts Only After an Attack

    A common belief among many companies and organisations is that their cyber resilience journey begins only after their systems have been penetrated or breached, that is, once an attack has already occurred. This belief misunderstands the comprehensive concept of cyber resilience from the outset. It could be likened to only starting to think about fire safety after a fire has broken out. It is evidently a reactive approach and one that holds serious implications for an organisation’s digital health. Cyber resilience is not merely a reaction; it is a continuous strategy for prevention, preparedness, and improvement.

    Forward-thinking organisations must understand that cyber resilience is not only about facing the eventuality of an attack, but also about devising and implementing robust systems for prevention and preparedness for such adversities. The cyber landscape today is a battlefield where threats are dynamic and evolve daily; hence, anticipation and vigilance must form the backbone of your cyber resilience strategy.

    Anticipation, in this context, means being aware not just of the current types of threats but also of potential future threats. It involves assessing business operations, identifying vulnerabilities in the cyber infrastructure, and predicting potential attacks. It also involves staying up to date with the latest trends in cyber threats and understanding how they might affect the business.

    Preparation is the proactive creation and implementation of plans and procedures designed to respond effectively to anticipated threats. These include security measures such as encryption, two-factor authentication, regular patching, employee training, and more. More than mere technological controls, preparation also involves creating disaster recovery plans and response protocols, preparing employees for potential incidents, and running regular simulation exercises to ensure preparedness.

     


     

    Clearing the fog surrounding these common misconceptions is an essential step towards solidifying a cyber resilient approach. By understanding the true nature of cyber resilience, businesses can devise a comprehensive cyber resilience management strategy, protecting themselves from evolving threats while ensuring business continuity and data integrity in the face of digital adversity.

     


  • The world’s biggest Cyber attack just happened, here’s what you should know

    The world’s biggest Cyber attack just happened, here’s what you should know

    This week marks the Business Continuity Awareness week in association with the BCI, and would you believe it, the world’s largest cyber attack has hit as well. You couldn’t make this stuff up.

    The facts (so far)

    Over the weekend, one of the world’s largest ransomware attacks was released across small to medium-sized private sector businesses; in particular, an Australian company was the attackers’ first victim on Friday.

    The attack that began on Friday is believed to be the biggest online extortion attack ever recorded and has sent some major organisations into meltdown, including the UK’s NHS (National Health Service). On Sunday the UK Government announced 97 per cent of its hospital were back to normal after the attack locked, but Europol director Rob Wainwright said he feared the attack was not over and that the number of attacks would continue to grow.

    The attack, which essentially locks your company’s main servers and users’ files, has hit 200,000 victims in 150 countries. This number is expected to grow vastly in the next few hours as workers turn their computers on for the first time since the weekend.

    The ransom itself is a grand total of $300 USD and is expected to grow if the user does not pay.

    The attack appeared to be caused by a self-replicating piece of software that takes advantage of vulnerabilities in older versions of Microsoft Windows, security experts say.

    Chris Watts from Tech Analysis and RiskLogic’s own IT experts say, “WannaCry / Wcry / WannaCrypt ransomware is spread via SMB, that is the Server Message Block protocol typically used by Windows machines to communicate with file systems over a network. It’s able to do this where the machine supporting the protocol has not received the critical MS-17-010 security patch from Microsoft which was issued on the 14th of March and addresses vulnerabilities in SMB. In other words, you have to be almost 2 months behind in your patch cycle in order to get hit with Wcry”.

    Unfortunately, at this stage, little is known about the attackers. What we do know, though, is one major aspect: this worm doesn’t necessarily need a phishing scam email to find its way onto your computer. It gets onto your system through the vulnerabilities that the patches your system likely doesn’t have installed would have closed.

    Although the seriousness of this attack is hitting most media outlets today, very few victims have paid the ransom. It should remain this way! Paying the ransom not only funds these attackers to continue, it’s also not necessary.

    Am I safe?

    The first thought that comes to mind for many business men and women is whether their personal and business computers and files are safe. The short answer is, you’re always a target for this sort of thing. The good news right now is you still have time! As terrifying as the unprecedented global “ransomware” attack is, this is still a media-generated storm. Cyber security experts said it was nothing compared to what might be coming and what is possible — especially if companies and governments do not make major fixes now. This means, in short, you still have time to remain in control.

    Your organisation’s goals should be to remain calm and let the IT professionals get to work!

    Here’s what you need to do right now:

    Chances are, very few tech geniuses and IT chaps are reading this. The likelihood is your CEO, Directors and Stakeholders want to know the facts, ‘are we affected?’. You can help them right now by staying one step ahead of the game. Chris Watts of Tech Analysis says you can take a few quick and easy steps:

    1. Keep your operating systems current or update them now
    2. Install patches early
    3. Have a robust backup strategy (time to get your BCP out?)
    4. If you are infected, don’t pay the ransom, restore from the backup and get your IT team everything they need
    5. Lock down machines (e.g. make sure nobody uses the admin account except for administrators, and only trusted users can install software, use USB drives, etc.)
    6. Don’t open suspicious email or attachments
    7. Restrict access to network resources (ransomware can only encrypt what it can access or what machines it can propagate to, so make sure file share permissions are set up to restrict machines so they only have access to the files on your network file server needed for the workflow that the machine is used for)
    8. Block unnecessary ports like pptp. (pptp is an obsolete method for implementing virtual private networks, with many known security issues).
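    The effect of steps 2 and 7 above, modelled as an added example that is not part of the original article: given a constructed inventory (the host names, SMB reachability and share permissions are all made up), it works out which machines a self-propagating infection could spread to, which file shares those machines could then encrypt, and which permissions exceed a machine's workflow.

```python
"""Blast-radius model for self-propagating ransomware (added example)."""
from collections import deque

# Constructed sample inventory: every name and value below is made up.
PATCHED = {"reception-pc": False, "finance-pc": False,
           "design-pc": True, "file-server": True}

SMB_REACH = {  # hosts each machine can open an SMB connection to
    "reception-pc": {"finance-pc", "design-pc", "file-server"},
    "finance-pc": {"reception-pc", "file-server"},
    "design-pc": {"file-server"},
    "file-server": set(),
}

SHARE_WRITE = {  # shares each machine can currently write to
    "reception-pc": {"visitors", "finance", "designs"},
    "finance-pc": {"finance"},
    "design-pc": {"designs"},
    "file-server": set(),
}

WORKFLOW_NEED = {  # shares each machine actually needs for its workflow
    "reception-pc": {"visitors"},
    "finance-pc": {"finance"},
    "design-pc": {"designs"},
    "file-server": set(),
}


def infected_hosts(start, patched, smb_reach):
    """Hosts the infection can occupy when `start` is the first victim.

    Assumption: `start` is compromised by any route (patched or not); from
    there the infection spreads only to SMB-reachable, unpatched machines.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        for peer in smb_reach.get(host, ()):
            if peer not in seen and not patched.get(peer, False):
                seen.add(peer)
                queue.append(peer)
    return seen


def exposed_shares(hosts, share_write):
    """Shares that at least one of the given hosts can write to."""
    shares = set()
    for host in hosts:
        shares |= share_write.get(host, set())
    return shares


def excess_permissions(share_write, workflow_need):
    """Per host, the writable shares that its workflow does not require."""
    report = {}
    for host, granted in share_write.items():
        extra = granted - workflow_need.get(host, set())
        if extra:
            report[host] = sorted(extra)
    return report


def blast_radius(start, patched, smb_reach, share_write):
    """Return (infected hosts, shares they can encrypt), both sorted."""
    hosts = infected_hosts(start, patched, smb_reach)
    return sorted(hosts), sorted(exposed_shares(hosts, share_write))


if __name__ == "__main__":
    all_patched = {host: True for host in PATCHED}
    scenarios = [
        ("as configured", PATCHED, SHARE_WRITE),
        ("permissions trimmed only", PATCHED, WORKFLOW_NEED),
        ("patched only", all_patched, SHARE_WRITE),
        ("patched and trimmed", all_patched, WORKFLOW_NEED),
    ]
    for label, patched, shares in scenarios:
        hosts, exposed = blast_radius("reception-pc", patched, SMB_REACH, shares)
        print(f"{label:26} hosts={hosts} shares={exposed}")
    print("excess permissions:", excess_permissions(SHARE_WRITE, WORKFLOW_NEED))
```

    In this sample, neither control alone is enough: patching stops the spread but the first victim can still write to every share, while trimming permissions still leaves two machines infected.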

    Why haven’t I heard of many companies being affected?

    If it wasn’t for the (accidental) discovery and build of a ‘kill switch’ by a 22-year-old tech whiz, only referred to as MalwareTech, this attack would be much larger than it currently is. MalwareTech and his partner, Darien Huss, registered a domain name over the weekend that redirected the attack to MalwareTech’s main server, activating their kill switch and halting the attack.

    A pinch of luck and tech knowledge has helped slow the attack down in this bubbling soup of concerns. However, Director for Centre for Cyber Security Research at Deakin University, Professor Yang Xiang says that “this attack is likely to progress and grow over the coming hours due to its nature”. Europol director Rob Wainwright says that he feared the attack was not over and that the number of attacks would continue to grow, however many crisis experts (including myself) are confidently promoting the need to revisit your Business Continuity Plans and remain confident in your staff.

    Another key reason you are likely not to hear companies registering their attack will be their reputational damage and concerns from their direct clients or customers. Typically, media attention and a statement released by those affected come once control is established, although this isn’t always best for their clients!

    One major aspect you need to consider is social media. An easy step to take now is to reinforce your BC awareness and instil confidence in your staff.

    Staff should be asked to remain off social media and, if necessary, provided with official communication and statements if the business has been affected.

    MalwareTech’s advice is simple: If you haven’t patched, do it now!

    This is already believed to be the biggest online extortion attack ever recorded, disrupting computers that run factories, banks, government agencies and transport systems in nations as diverse as Russia, Ukraine, Brazil, Spain, India and the US.

    Get your Business Continuity Plan out!

    Remember that plan RiskLogic helped you put together? Now is the time to get it out on your desk. You don’t need to be activating it just yet, but it’s worth having a skim over. Remain a step ahead by revisiting your key procedures and get your BC Team and Crisis Team in the loop.

    You need to be using this plan and your excellent communication to get the facts. Have a confident individual in your IT team present you the facts. Relay these to your stakeholders and make the call, as a team, whether you need to activate your plan.

    Leave the technical stuff to the pros!

    The worst thing you can do is get in the way. The chances are, you’ve not been affected. You also probably won’t be affected (there are more heroes out there than hackers!). But how good of an excuse is this to get your plan out and share it around?

    Business Continuity Awareness Week

    This coming Friday the 19th, I will be attending the Executive Breakfast for Business Continuity Awareness Week (BCAW). We will be discussing the Kaikoura EQ but also the latest news on this cyber event. This is a great opportunity to sit with some of the leading industry experts on what you should be doing to prepare.

    You can register for the event here: http://www.bci-events.wildapricot.org/event-2541842

    Until then, plan, do, check and act…


  • How The Defense Force Was Hacked

    How The Defense Force Was Hacked

    Just over a year ago, I was sitting down to lunch with a client in Wellington. It was a rare, beautiful day with a nice buzz of students and frantic businessmen walking around us. We were about 300 metres away from the Beehive (Executive Wing of the New Zealand Parliament Buildings) and my client leant over to ask, “What do you think is the most likely and unlikely organisation to be hacked or targeted by cyber-terrorism?” After very minor thought, I concluded that anything to do with the Defence Force is not only a huge target for any budding hacker, but surely, it’s also the last place that would allow that to happen, right? Wrong!

    As of Tuesday 10th October 2017, an Australian Defence Contractor has had highly commercially sensitive information on the build and design of new fighter jets, navy vessels, and surveillance aircraft stolen.

    The Facts as we know them:

    Dan Tehan, the minister in charge of cybersecurity, confirmed the hacking had taken place and was targeted towards an unknown contractor.

    The hack itself took place over a few months, without any defence or internal networks picking up the attack.

    24 hours after the news broke, Australian authorities researched and criticised the defence contractor for “sloppy admin” concluding that in fact, anybody could have penetrated the company’s network and that they were “surprised it hadn’t happened sooner”.

    During the investigation of the hack, it was found that hackers had exploited a hole in the IT helpdesk portal where no staff member had patched the 12-month-old vulnerability, literally leaving a door wide open for even the most amateur of hackers to enter.

    Furthermore, the Australian Signals Directorate (ASD) found that the contractor had not updated any of its key passwords and entry codes for any internet facing servers in many, many months.

    It has recently emerged that the admin password used to enter the company’s web portal was ‘admin’ and the guest password was ‘guest’. An unbelievable fact in terms of the contractor’s field of work.

    ASD incident response manager Mitchell Clarke told a conference in Sydney on Wednesday (11th October) the hackers targeted a small “mum and dad type business” — an aerospace engineering company with about 50 employees in July last year. This means the hackers were experienced enough to go through a third party/supply chain of the main contractors first, again exploiting a hole in the continuity of the whole program.

    Clarke noted, “It included information on the (F-35) Joint Strike Fighter, C130 (Hercules aircraft), the P-8 Poseidon (surveillance aircraft), joint direct attack munition (JDAM smart bomb kits) and a few naval vessels.”

    This particular firm has been confirmed as a fourth level contractor to the main Defence Force. This means the hackers could still get into the main information via a partner of the organisations – four levels down!

    Why aren’t we learning?

    Less than six months ago, the biggest cyber-attack to ever hit the internet occurred: WannaCry. The simple lesson learned from this should have been to update all networks, computers, and passwords. This can be done in a few hours depending on the size of your organisation.

    If we break down the facts of this case, there are some key questions and discussions coming up:

    • The Defence Force should have had a plan in place for all associates of their organisation?
    • Why did no one check supply chain security, but are still blaming them?
    • The usernames and passwords were not adequate. This should have been noticed earlier.
    • How does a hack lasting nearly 12 months not get picked up?
    • Is the idea of a foreign state hacking a concern?

    The answer to that last question is no. In fact, foreign state powers trying to hack each other has happened since the internet was first set live – it’s nothing new. The key question here is more about the order and control of their supply chain in the first place.

    What might happen now?

    Nothing is likely to happen. Like with most hacks, it’s an opportunity to boast how good you are at it. The most likely scenario now is a ransom put on the return of the information. Or, we may never hear about this again meaning it’s been taken higher.

    The ASD, for now, has dubbed the hacker “ALF”, after a character in the TV soap opera Home and Away. At least they’re seeing the humorous side to all this!

    Mr Clarke described the security breach as “sloppy admin” during his press conference. Most IT people could spot holes in the system, it’s the higher authorities who should have put checks in there in the first place.

    What you need to do, right now!

    If you didn’t already do this in May following the WannaCry cyber-attack, go and ask your IT team when they last changed passwords.

    You need to then check how up to date your security systems are.

    Then, most importantly, you need to get in touch with any third parties you’re associated with and your supply chain! As stated by Alastair MacGibbon, the Special Adviser on cyber to the Prime Minister, on breakfast news, “this is a supply chain issue, not the Government’s fault”. Sorry Alastair, you can’t blame your supply chain; the responsibility for a disruption remains with the company.

    If, for example, you were an airline based in Australia, you will have hundreds of supply chain dependencies, even right down to the travel agent. There would be many websites and potential gateways to stay on top of. Starting to work these out and know what is what will maintain your resilience.

    Your DRP (Disaster Recovery Plan) and ITDR need to be looked at, right now. Even if you looked at it last week, you need to double check it’s up to date and where it needs to be.

    Coincidentally, I’m about a day off finishing my article on the Auckland Fuel Crisis follow up. In this, I discuss contractors and how we often look to blame a third party when something like this happens. In fact, your stakeholders aren’t going to do that, and neither is the media.

    We still don’t know officially who these contractors were, but we’re all happily blaming the resilience of the Defence Force here when really, many authorities and people are involved.

    Conclusion:

    I will be following up this story as it progresses, as I believe it is a huge eye-opener for Australian and New Zealand organisations.

    RiskLogic specialise in modules around Business Continuity for your supply chain. We’ve been doing it for over a decade. As well as this, we have industry leading cybersecurity modules & plans for all types of organisations. Our senior consultants and trainers live and breathe this daily across Australia & New Zealand. If you’re concerned about possible holes in your supply chain or cyber-security, give us a call now, obligation free.

    Until then, plan, do, check & act…


  • A.I. Recognising You: A Good or Bad Thing?

    A.I. Recognising You: A Good or Bad Thing?

    We’re all becoming used to our smartphones recognising a face when we take a selfie. Snapchat, for example, can view your face and add effects to it in real time. The new Samsung S8 and iPhone X can both now unlock with a simple scan of the user’s face, as opposed to the previous PIN code or fingerprint.

    A year or so ago, Mark Zuckerberg was caught with his MacBook covered in tape to avoid both facial recognition and audio. If the most powerful entrepreneur in the world hides his camera, should we be concerned? The answer is yes, we should be.

    The reason for being aware of this, and concerned about it, revolves around one golden theme: cyberthreat.

    Would-be hackers now have another gateway to your personal details. A good example of how extreme facial recognition has become takes us to the Chinese province of Xinjiang, where the township has become a sort of Big Brother surveillance laboratory.

    The basic premise of this ‘experiment’ is for the government to be alerted when individuals venture 300 metres beyond designated ‘safe areas’. These areas make up routes to workplaces, homes, and shopping facilities. However, an invisible zone has been set, focusing its attention on the wandering citizens that live there.

    “‘Papers, please’ was the symbol of living under tyranny in the past. Now, government officials don’t need to ask,” said Jim Harper, executive vice president of the libertarian Competitive Enterprise Institute.

    It seems now that a system of this magnitude is simply an up-to-date way of controlling people.

    It’s unlikely that demographics in New Zealand and Australia will have such extreme measures put in place; however, that doesn’t mean we’re exempt from the technology itself. Far from it.

    In London City and Westminster, it is reported that no less than three cameras are watching you at any given time. There is simply no alleyway, Tube station, park, or shop without CCTV, creating the world’s largest ecosystem of digital eyes. The point here, though, is not to be worried unless you’re giving someone else a reason to be worried. This number of cameras can actually work in your favour during a serious incident. You should also remember that there is a current population of 8.7 million people in London and it’s unlikely you’re important enough to be the focus…sorry.

    Since the attacks in France, Manchester and the Sydney Lindt Café incident, security and police have never been so on edge or operating in such large numbers. Going off the events of the last 24 months, they have a fair reason to be as well. We’re therefore likely to continue to see updates in technology in our own streets. New, extreme and intrusive measures to watch everything that is going on.

    Shopping in Westfield this weekend?

    A perfect case to be ‘followed’ by someone other than the kids is Westfield shopping malls. If you enter a mall and decide to jump on their free WiFi system, you are prompted to accept the T&Cs, like always. You’ll likely hit accept before you even consider reading the 9,000-word document. That document, however, explains the following:

    When you sign up to become a member of the Site, you will provide us with certain personal information. Your personal information may be used for providing you with news, offers and information about the Site, the Scentre Group shopping centres and promotions run by the Scentre Group, as well as for the purposes set out in section 13 of these Terms & Conditions.

    In section 13, it reads:

    …we may transfer your personal information to others in countries outside Australia.
    … Scentre may collect your personal information through your use of the Site or through your contact with Scentre. Any personal data and other information provided by you will be treated by Scentre in accordance with the Online Privacy Policy.

    When entering Westfield shopping centres and car parks, customers’ personal information, car licence plate details and images may be collected by Scentre, and Scentre may also collect customers’ personal information and images from third parties

    To save you time reading another 8,500 words on the Online Privacy T&Cs, we’ve narrowed down what they’re saying here by digging deeper.

    Westfield collects user information on their location in the mall, the shops they enter, time spent within that section, and any pages the user opens through a browser relevant to that retail outlet, and sells this information to both search engines and the outlet itself.

    It’s targeted marketing on steroids.

    If you’ve ever wondered how and why an unbelievably relevant product you’ve just spoken to your partner about appears on your Facebook feed, it’s because of the above reason, and it’s as simple as that. Westfield has been doing it and your device does it as well.

    China is leading by example

    There is a reason Xinjiang has become a testing station for such specific, large-scale surveillance, and it centres on where it lies: the region borders Pakistan and Afghanistan.

    As reported in Bloomberg Businessweek, “The country is on track to represent 46 percent of the $17.3 billion global video surveillance market by year-end, and three-quarters of all deep learning-enabled servers for analysing the data, according to Jon Cropley, a senior principal analyst at IHS Markit.”

    Similar technology was used during the French attacks of 2015, where gunmen and suicide bombers terrified the city. While on lockdown, the authorities used registered images of the offenders (or who they thought to be the offenders) and scanned millions of faces within seconds. The days of watching hours of tape to find a blurry face have long gone and have been replaced by auto-recognition: the exact same technology found on the Samsung S8 and the iPhone X.

    Due to continued aggressive attacks in the province, last year, Xinjiang called on law enforcement officials to “actively use modern scientific and technological measures” and “safeguard national security and social stability,” the official People’s Daily newspaper reported.

    Bloomberg reported ‘the alert project links security cameras to a database of people who have attracted the attention of authorities and tracks their movements within a particular area, their contact said. Police can follow up by intercepting individuals or visiting their homes and questioning their friends and families’.

    Despite pushback from America and Europe, China is truly leading the way on mass surveillance with this new technology with their reasons being control of unsecure sections and security.

    Freedom vs Safety

    The ultimate pushback from a community around facial recognition, extreme CCTV adoption and control over movements is universal: I want my freedom.

    So, the question is, do we allow being watched so closely and on a large scale and thus allow opportunities to catch criminals and in extreme cases, terrorists? Or, do we get rid of the technology now and go back to the old days of asking witnesses, looking for a “man in a grey shirt”?

    When you swing it that way, it’s obvious which choice to use – so it’s more the concern around security than around the use of personal information. There are literally hundreds of thousands of ways for someone to find your information. As Westfield points out, they can’t guarantee that security, but you accept the risk by joining.

    Therefore, we need to be aware of it, understand it and learn how this technology can help us. We then need to understand how to remain resilient in our own daily lives, making sure that we know the ways we can lose our personal information.

    And if you’ve got a webcam on your laptop, perhaps a bit of tape wouldn’t go amiss?


  • 5 Tips on Responding to a Cyberattack

    5 Tips on Responding to a Cyberattack

    Last week, RiskLogic brought you the news on the GDPR Regulation that will affect any business or persons who hold European data. This new regulation, although positive for its subjects in question, could be a damaging change for businesses who have not implemented effective cybersecurity and data breach procedures.

    It’s being predicted that the EU could collect as much as $6 billion in the first year due to many organisations not taking these changes seriously.

    An Overview of the Regulation

    The regulation will affect anyone holding European data who fails to report a breach within 72 hours, in a detailed report. This may affect:

    • A New Zealand or Australian business with an office in the EU.
    • An ANZ business whose website targets EU customers, for example by enabling them to order goods or services in a European language (other than English) or enabling payment in Euros.
    • An ANZ business whose website mentions customers or users in the EU.
    • An ANZ business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals in order to analyse and predict personal preferences, behaviours and attitudes (largely used for marketing).

    The fine for failure to report on a breach could be up to 2% of the business’ annual revenue, or 10,000,000 Euros (whichever is larger).

    Using our own Cyber Security Incident Management Procedures program, we’ve compiled our top five steps you should be considering by May 2018. When the regulation becomes law, every organisation will have a responsibility to maintain a higher level of resilience. Above all, you will no longer be subject to just reputational, operational, legal or regulatory impacts, but now also financial.

    Tip 1) Acquire a detailed Cyber Security Incident Management Procedure & Plan

    RiskLogic’s detailed program on effective cyberattack recovery spans four key steps: Identify, Contain, Eradicate & Recover.

    This program will enable you to:

    • Provide IT personnel with general and specific procedures for dealing with cyber incidents.
    • Provide an escalation path to Executive Management for major cyber incidents that have potential to cause human, financial, legal, reputational and/or strategic impacts.
    • Provide IT personnel with preparation lists in order to better prepare them for cyber incidents.
    • Provide IT personnel with a process to deal with cyber incidents where a defined process for a specific threat is not included.

    The document provides a protocol for dealing with cyber incidents specific to your organisation. It includes assessment tools, key cyber roles and responsibilities, processes for specific threats, mitigation strategies (in general) and for specific key threat areas.

    With the likelihood of a data breach stronger than ever, it’s useful to refer to these documents to follow effective processes unique to your people and the structure of your organisation.

    72 hours isn’t a long time to report a large breach to a European Council; it’s worth understanding now if you have the steps in place to do this.

    Tip 2) IT Personnel to have Access to General & Specific Cyber Procedures

    Your most important asset during a breach is your IT Personnel. For them to do their job to the highest and most effective standard after an attack, your procedures should be used to manage the containment and eradication of the attack, and to manage the recovery from the attack. Identify and assess the processes in the Incident Management Plan to make this happen.

    Once your plan has been signed off by Senior Executives and your IT team has been trained, they should be able to easily answer:

    • What data was lost or breached and who is the immediate contact to notify?
    • How are they notified of the breach of data?
    • What personal information does the breach involve?
    • What was the cause of the breach?
    • What is the extent of the breach?
    • How can the breach be contained?

    Tip 3) Document Escalation Paths for Major Events

    When an event has progressed from an attempted breach to a serious event, your Senior Executives will need to know the details as they occur. Keeping a procedure in place for this will ensure the correct decisions are made from the information coming in.

    Tip 4) Identify the Risk Classification

    In our programs, we separate risks into five key classifications:

    1. A data breach through unauthorized access to customer or sensitive data (including medical information and member level monetary transactions) that may result in information being stolen or disclosed in an unauthorized manner. This would lead to reputational, legal, regulatory, and financial impacts to the organisation.
    2. A denial-of-service attack or network interruption from an attacker (e.g. Hacktivist) against either you or a third-party provider that may result in reputational, operational, legal or regulatory impacts to the organisation.
    3. Phishing, pharming and drive-by attacks against your employees or third-party providers that may result in financial or reputational impacts to the organisation.
    4. Malware or ransomware from an attacker that may result in significant financial, legal or regulatory impacts for the organisation.
    5. Corruption or conflict of interest within your organisation by employees or a third party may result in unauthorised payments being performed. This may lead to financial, legal, reputational or regulatory impacts to the organisation.

    Once the classification has been determined, it’s time to assess likelihood factors. Your organisation should understand the cause and damage that has occurred. Understand quickly the threat source, motivations and the further capabilities of the hacker.

    Summarising the threat source quickly will then help you implement the correct procedures to deal with it. For example, did it come from:

    • Employees
    • Lone individuals
    • Competitors
    • Third party providers, contractors, or other inside entities
    • Hacktivist
    • Organised crime
    • State/s sponsored activity
    • Employers

    Unauthorised access can occur from poor password security from users, password sharing, or accounts being used inappropriately throughout the organisation.

    One of the top four key risks in the world today is IT Administrator passwords being used/accessed to create havoc. Gaining access to an administrator password is the fastest route for hackers/criminals. This can have devastating effects on the organisation and can lead from a small incident to a snowballing one affecting the whole organisation.

    Tip 5) Know what Your Reporting Channels Are

    The internal reporting, communication and structure of your crisis team should be well documented, checked and acted upon during an event. The same should be implemented in your external reporting, especially with the new legislation.

    A good starting point is to understand where New Zealand sits right now with regards to processes for reporting breaches. The Privacy Commissioner has a handful of ways to report breaches, and these can be found here: https://privacy.org.nz/news-and-publications/guidance-resources/privacy-breach-guidelines-2/

    CERT Australia recommends that businesses report Cyber Incidents. This can be done by:

    • Calling the Hotline 1300 172 499 or
    • Emailing info@cert.gov.au
    • Online via the Australian Cybercrime Online Reporting Network (ACORN) https://www.acorn.gov.au/

    Conclusion

    These changes come into effect on May 25th, 2018. This gives organisations only a small timeframe to ensure that their processes are in place. Whether you are directly affected by these changes or not, this is a good excuse to review the processes your IT team has in place.

    To put the seriousness of cyber threats in 2018 into perspective, IBM ran a detailed report on the impacts stating that a minor event can last 19.7 minutes with a financial impact of $53,210 per minute. The chances of these smaller events happening are 69% over 24 months.

    We’ll be reporting on these numbers and findings from IBM and McAfee in next week’s article.
