Risk Management & Cyber Security - Your business is not immune to risk!

Risk Management & Cyber Security - Your business is not immune to risk!

23 May 00:00 by Daniel Marsh


Cybercrime is increasing in frequency, size and sophistication.

As cybercrime is increasing in frequency, size and sophistication, it is clear that technological defences alone are no longer sufficient to protect a business from attack. Cybercrime has evolved from being a vertically integrated, individualistic activity, to an extremely sophisticated and well-organised, distributed operation, where stolen data is traded and matched on exchanges, and highly specialised professionals are coming in on the action.

Previously copycats or ‘script kiddies’, provided malware by way of exchanges. Today cybercrime is a big business conducted by high quality professionals with the ability and qualifications to cause significant damage.

If you haven't realised it yet but I'm sorry to tell you that it's not just an IT problem...

The biggest problem is if businesses treat the risk of a cyber-attack as an IT problem that only warrants an IT response. While cyberSecurity is an important part of an organisation’s ability to keep its data safe, the IT security function alone will not be sufficient to guard against today’s threats. The ‘people’ factor is often ignored, yet it is a critical element in building a strong defence. Dealing with cybercrime is more than just dealing with cyberSecurity. Security is an important function, but it is only one facet of the whole.

Organisations need to get behind the network and focus on the human element that is inherent in cybercrime. Computers don’t create crimes. It is the people who are using the computers that commit the crimes. And people in the organisations can be, and often are complicit. Usually there is a lot of engineering going on, and it is not just somebody, somewhere, out there, who is involved. There needs to be intelligence gathering; a vulnerabilities assessment; and someone inside the organisation may even be creating the weakness, to test how the malware in question can be inserted.

Combating the threat.

Blake Oliver Consulting and numerous other consultancies recognise that as a minimum organisations need to deploy a Three Lines of Defence model to cyber risk management across their business. This includes preparing and planning around Protective Controls, External Threats, and Internal Threats.

As a business you need to assume that at some point you will be successfully hacked, as a Director have you made preparations for such a scenario? - We have a wealth of Risk Management, Insurance and CyberSecurity experience, as such business response plans and CyberSecurity audits can be developed, tested and implemented by our teams.

Contact us today for more information.

Daniel J. Marsh, Managing Director, Blake Oliver | 0424 885 933 | djmarsh@blakeoliver.com.au   

About the author:

Daniel Marsh is the Managing Director of Blake Oliver, a specialist risk management consultancy firm specialising in Insurance and CyberSecurity. Daniel has worked in the insurance and consulting space since 1998 and has been a Cyber and Financial Lines Underwriter in Australia and a Corporate Broker and Consultant in London.