Cybercrime is increasingly one of the most significant threats to Australian businesses, costing millions each year. But it’s not just about the financial consequences; a hack could lead to exposed trade secrets, regulatory fines, lawsuits, and loss of consumer trust and overall brand reputation. The 2022 Optus data breach underscores the far-reaching consequences of cyber vulnerabilities. Beyond financial losses, the company lost about 10 percent of its users within six months. The breach also triggered significant legal implications with fines and class-action lawsuits lodged against them. Cyber-attacks are also becoming more sophisticated due to advancements in AI, which amplifies the concern. While extensive research is underway to develop better detection tools, Dr. Sharif Abuadbba, a deepfake expert in our Data61 team, warns against over-reliance on these technologies.
“It becomes an AI versus AI competition. This makes it unreliable, so the details and context of incidents end up needing to be reviewed anyway,” Sharif said. Organizations need to stay ahead by continuously reviewing, preparing, and innovating their cybersecurity measures. Check out these expert-backed tips to strengthen your cyber defenses and protect your business.
1. Educate Users Continuously
Employees are your organization’s first line of defense against cyber threats – whether they’re managing visitor logs or handling classified documents. As Dr. Lauren Ferro, Human-centric Security Research Scientist also with our Data61 team, reminds us, human error is a business’s primary vulnerability. “People let down their guard, thinking they have nothing useful for a cybercriminal to take. However, these individuals can be used as the gateway into their organization. Employees need to be informed of the risks and potential consequences,” Lauren said. She emphasizes that cyber risks extend beyond work, as personal information shared on social media can be used to create highly personalized attacks that compromise security.
Regular updates on the latest developments and threats are imperative to maintaining a robust defense. Continuous education ensures employees are aware of sophisticated phishing attempts, social engineering tactics, and other evolving cyber threats. Cybersecurity training should not be a one-time event but an ongoing process where employees receive consistent updates and training materials. Implementing quarterly or bi-annual cybersecurity training sessions can help reinforce key principles and keep cybersecurity at the forefront of employees’ minds.
2. Empower Employees to Confidently Decline
For businesses in Australia, email compromise is the most prominent cybersecurity threat. Examples of this include fake invoices or requests to transfer money, often appearing to come from trusted sources. “An email from a familiar contact isn’t always legitimate,” Lauren said. Email compromise typically happens through phishing, where attackers trick employees into revealing sensitive information or clicking on malicious links. Once they gain access, cybercriminals can manipulate email threads, impersonate executives, and divert funds. Sharif highlighted the importance of empowering employees to confidently refuse actions that deviate from established business processes.
“If they’re following agreed business processes, even if it’s the CEO requesting an urgent funds transfer, they shouldn’t fear getting in trouble. Use well-defined, well-documented processes within your organization as a measure to detect and defeat deep fakes, even if you don’t have the tools,” Sharif said. Providing a clear protocol for employees to follow and creating a culture where employees feel they can question suspicious requests without repercussions are crucial factors in combating cybersecurity threats. Moreover, creating a reporting system where employees can quickly and anonymously report potential phishing attempts or suspicious activities can bolster organizational defenses.
3. Implement Practical Training
While most organizations offer cybersecurity training through online modules, one of the most effective ways to prepare employees for the reality of a cyber-attack is immersive simulation. Interactive training helps employees test their knowledge and identify weaknesses in a safe and controlled environment. Lauren highlights the effectiveness of “Corporates Compromised,” an immersive cybersecurity tabletop exercise developed with the Cyber Security Cooperative Research Centre (CSCRC). The exercise places participants in various organizational roles and guides them through simulated cyber-attack scenarios. Participants gain hands-on experience without the risk.
“It is important that these practical exercises exist. By engaging directly with a cyber-attack and seeing the consequences of their decisions play out, participants gain tangible insights and experience,” Lauren said. Practical training enables employees to make real-time decisions and understand the potential impact of their actions during a cyber-attack. Organizations can conduct regular cybersecurity drills to test their incident response plans and identify areas for improvement. This approach not only enhances employee preparedness but also strengthens the organization’s overall security posture.
4. Actively Safeguard Your Customers
Cybersecurity breaches are not just about losing financial assets. Organizations also have their brand reputation and consumer trust at risk. “When we talk about cybersecurity, trust is a huge thing,” Lauren said. “A cyber-attack affects more than just data – it impacts public trust, investors, and other stakeholders. It’s hard enough getting people to trust the quality of your product or service, let alone regain it when breaches happen.” One way to build consumer trust is to show that their cybersecurity is actively being considered. For example, organizations can ensure that multi-factor authentication is available for customer logins and that users can easily control the data that is being collected.
Advocating for transparency in data handling and implementing rigorous security measures can help reassure customers about their data’s safety. Providing customers with regular updates about their security policies and any improvements in data protection can further enhance trust. Additionally, businesses should offer clear instructions and support for customers to protect their accounts, such as encouraging strong passwords and informing about potential phishing scams. Taking a proactive approach in safeguarding customer data not only protects assets but also fosters long-term customer relationships built on trust and reliability.
5. Prepare for the Worst
With threats and attacks becoming increasingly common, organizations should assume that they will be attacked, or that a threat will slip through the cracks. Sharif suggests using proactive protocols and zero-trust policies. These mean that requests should be assumed fake until verified. Jamie Rossato, our Chief Information Security Officer, also provides his tips for a good incident response plan. “Anyone who plays sports will know that it’s the preparation you put in before the event that ultimately determines your effectiveness,” Jamie said. “How are we prepared for the incidents that we believe are likely to happen? Or that we can see impacting other organizations?”
“Do all stakeholders understand their roles and responsibilities? Are they trained to act?” “The response should be able to be performed even with a key player missing,” he said. Establishing a robust incident response plan that outlines the steps to be taken in the event of a cyber-attack is crucial. Regularly testing and updating this plan ensures that all employees are aware of their roles and responsibilities during a cyber incident. This preparation not only minimizes damage but also ensures a swift recovery, allowing the organization to resume normal operations as quickly as possible.
Protecting Your Organization
Cybercrime is becoming one of the biggest threats to Australian businesses, costing them millions annually. The risk extends beyond financial losses. A cyberattack can lead to exposure of trade secrets, regulatory penalties, lawsuits, and a significant drop in customer trust and overall brand reputation. For instance, the 2022 Optus data breach highlighted the extensive damage cyber vulnerabilities can cause. In addition to financial hits, Optus lost around 10 percent of its users in six months. The breach also resulted in heavy legal consequences, including fines and class-action lawsuits.
Cyberattacks are getting more sophisticated due to advancements in AI, which amplifies the concern. Despite ongoing research aimed at improving detection tools, Dr. Sharif Abuadbba, a deepfake expert in the Data61 team, cautions against over-reliance on these technologies. “It becomes an AI versus AI battle. This renders it unreliable, necessitating a thorough review of incidents,” he explains. Businesses need to stay proactive by continually reviewing and fortifying their cybersecurity defenses. Explore expert-backed strategies to enhance your cyber defenses and safeguard your business.
