Embedding cyber resilience into your organisation

We’re at a crossroad where cyber resilience has become a defining mandate of our time – to anticipate future threats, withstand, recover from cyber-attacks, and adapt to future digital shocks. By Graeme Muller.

Cyber security professionals are in high demand globally and New Zealand companies are struggling to find people with the right skills.

NZTech is working with members to reduce the cybersecurity workforce gap through training, upskilling and bringing in overseas experts through new immigration windows.

Cyber-attacks are on the rise around the world, with healthcare and utilities the most targeted sectors. Organisations must not only defend against attacks but be able to recover quickly after a major disruption.

Business leaders should embed cyber resilience across their organisations to protect against digital threats.  The impact of the Covid pandemic is giving way to new opportunities for cybercrime.

While cybercriminals continue to leverage the impact of the pandemic, they will also find new opportunities to attack.
In 2021, cyber criminals adapted their attack strategy to exploit vaccination mandates, elections and the shift to hybrid work, to target organisations’ supply chains and networks for them to achieve maximum disruption.

The sophistication and scale of cyberattacks will continue to break records and we can expect a huge increase in the number of ransomware and mobile attacks.

Going into 2022 we will see an increase in data breaches that will be larger scale. These breaches will also have the potential to cost organisations and governments more to recover.

In May 2021, a US insurance giant paid $40 million in ransom to hackers. This was a record, and we can expect ransom demanded by attackers to increase in 2022.

Cyber crimes are set to cost governments and organisations $US10 trillion by 2025. As new cyber threats emerge, boards of directors must develop cyber risk plans to ensure their companies have greater cyber resilience.

Cyber risk strategies should align to financial analysis using clear and understandable language. Cybercrime cost the world at least $US6 trillion in 2021.

 As cyber threats escalate and evolve, businesses are bolstering their cyber-security budgets. For them to see proper returns on these hefty investments, it’s important that clear and effective strategies are in place to counterattack cyber crime.

Clarifying the cyber crime conversation in the boardroom is the first step. Effective communication is a cornerstone of positive outcomes in business. Developing a common language for discussing the complex issues of cyber risk is essential to achieving cyber-risk resilience. 

 The national cyber security summit to be held in Wellington in July will discuss the latest ransomware and trojan attacks in New Zealand.

Corporate and company leaders are increasingly elevating the importance of cyber security to their companies. But the 2021 high-profile attacks show how much more needs to be done in the year ahead.

The far-reaching cyber security breaches last year were a reminder to decision-makers of the heightened importance of cyber security. Cyber security should be a board-level or company owner level issue now for most firms.

The pandemic has accelerated tech adoption but has exposed cyber vulnerabilities and unpreparedness.

It is critical to continue elevating cyber security as a strategic business issue and develop more partnerships between industries, business leaders, regulators and policymakers.

Digitalisation increasingly impacts all aspects of our lives and industries. We are seeing the rapid adoption of machine learning and artificial intelligence tools, as well as an increasing dependency on software, hardware and cloud infrastructure.

Facing these heightened risks, companies and government need to acknowledge that cyber security is a national security priority.

Businesses that actively adopt cyber security and more importantly improve their cyber security infrastructure are more likely to be successful.

Last year many Kiwi providers of essential services including energy, healthcare, food, and transport were hit by ransomware attacks which crippled their operations and had cascading effects on critical functions the public relies on.

No company has the resources to fix all cyber issues and not all fixes are equally important. It is only by starting to identify activities that are important to a business, and understanding how attacks could disrupt them, that one could start to prioritise the process of risk mitigation.

All businesses should ensure they are at least following a few basic security processes – keep software patches up to date, regular backups, strong passwords and use a password safe, and where possible use two factor authentication.

We’re at a crossroad where cyber resilience has become a defining mandate of our time, to anticipate future threats, withstand, recover from cyber-attacks, and adapt to future digital shocks.  

Graeme Muller is the chief executive of NZTech, a NFP organisation which brings together 20 tech associations and more than 1600 member organisations.

Visited 20 times, 1 visit(s) today
Close Search Window