For most small-to-medium Australian businesses, cybersecurity is one of those thorny, abstract issues that has a way of slipping to the bottom of the to-do pile. The logic is sound enough: what are the odds that hackers are going to attack a minor business in one of the remotest countries on earth?
But according to Daniel Johns, head of services at cyber-risk consultants ASI Solutions, nothing could be further from the truth.
“For most businesses, the feeling is, ‘oh, nobody’s going to come after me.’ But the fact is that small-to-medium businesses actually account for the majority of cybersecurity breaches in this country.”
In 2019, almost 1000 Australian businesses suffered a notifiable data breach and the stats Johns rattles off are alarming. Cyber incidents cost Australian businesses up to A$29 billion per year, according to the Department of Home Affairs. If spread out over every business in Australia, that equates to A$276,323 each.
But the Ponemon Institute estimates the average cost of a data breach at more than A$3 million, with more than 20,000 records affected in each standard attack. And it can take almost three months to rectify the damage, including significant system downtime.
Top-to-bottom risk assessment
ASI Solutions has been helping businesses deploy and manage cutting-edge technology since 1985. But in recent years, they realised giving those businesses the skills and software they needed to protect themselves was an equally important part of the process.
“It’s not good enough for businesses to simply wait and react,” says Johns, “or to call cybersecurity a purely IT problem. Cyber-awareness has to be embedded in the DNA of an organisation.”
As Johns explains, there are three prongs to the ASI approach. “First, you need to have the right technology in place. Second, the company board needs to understand the issue and take it seriously – that’s actually a requirement of APRA regulations. And third, but most importantly, you need to educate the users. About 90% of data breaches occur because a user has clicked on something they shouldn’t have.”
Taking these three facets as their starting point, ASI has developed a comprehensive, top-to-bottom IT Risk Assessment framework.
“We audit everything from business processes through to organisational culture and the technology itself,” Johns explains. The process is deliberately end-to-end – “There’s no point just giving a client a report if they’re not going to act on it” – and can include cybersecurity strategy development, IT implementation and testing, engagement with the board and cyber-risk training for staff.
Flexible tech in the cloud
Johns talks about a project ASI recently completed for a Queensland insurance broker. “The company had gone through a series of acquisitions and, when we arrived, they had 12 different tech set-ups in 12 different locations.”
After doing an assessment, ASI built them a single, cloud-hosted solution that meant every location could offer their employees the same user experience.
“It reduced their overheads because they weren’t supporting so much hardware. It increased their efficiency because everyone was using the same system. And it improved their security because now all points of access were being logged in the one location.
“It’s important to us that we’re able to be very agile and flexible in our solutions,” Johns says. “There are no established packages or automatic subscriptions. We’ll customise it to suit your requirements and then roll it out with a timeframe and a process that fits you.”
Find out more:
The first step in mitigating risk is identifying what risk exists. ASI Solutions offers a range of IT Risk Assessments that can be customised for your particular organisation and environment. Learn more by visiting www.asi.com.au/it-services/it-assessments or calling ASI Solutions on 1300 368 010.