Directors Should Be Accountable for Cybersecurity Incidents – Says ASIC


With cybercrime rearing its ugly head again and again, the watchdog ASIC has its work cut out. The chair of the regulator says in no uncertain terms that directors need to ensure their companies have adequate cybersecurity mechanisms to thwart cybercriminals and recover from an attack. And should the directors not pay heed to the instructions, action ought to be taken. Joe Longo, the chair of the regulator ASIC, says cyber readiness is more about building the ability to respond quickly.

According to him, cyber preparedness is not about possessing impregnable systems, which is practically not possible. Instead, preparedness should include security, resilience, and the ability to respond to and face a major cybersecurity incident. This can be achieved through comprehensive planning and crafting a risk management strategy to thwart major cybersecurity incidents. Importantly, any recovery plan would not suffice if not backed by regular testing and risk assessment, including of the supply chains.

Mr. Longo, while speaking at the Australian Financial Review Cyber Summit, said the attacks against Optus and Medibank last year should have been a wake-up call. However, surveys paint a different picture altogether. According to the surveys, most businesses lacked confidence and did not show any resilience when faced with a worst-case cybercrime scenario. An important learning from the cybersecurity incidents has been the avoidance of over-reliance on third-party providers.

“The speaker stressed the lack of control individuals possess over third-party security providers. Relying solely on their measures leaves an opening for data breaches if those measures are compromised, as demonstrated by the Latitude Financial breach earlier this year. According to preliminary findings from an ongoing ASIC survey, weak links in cyber preparedness are found in third-party suppliers, vendors, and managed service providers. Nearly half of the respondents admitted to not managing third-party or supply chain risks.

Mr. Longo highlighted disconnects in how different parts of a business handle digital risks, including oversight of cyber risk by boards, management reporting to boards, identification and remediation efforts by management, and cyber risk assessments. He emphasized the necessity of addressing this disconnect, asserting that cybersecurity and resilience are not just technical concerns but essential aspects of directors’ duties. ASIC expects directors to ensure their organization’s risk management framework effectively addresses cybersecurity risks and implements controls to protect key assets and enhance resilience. Failure to do so might lead to regulatory consequences.

Continuous Reassessment of Cybersecurity Risks

Longo emphasized the importance of proportionate measures tailored to the organization’s nature, scale, and complexity, as well as the criticality and sensitivity of key assets. He stressed the need for continuous reassessment of cybersecurity risks based on threat intelligence and vulnerability identification. Cybersecurity and cyber resilience should be top priorities for all boards. Failure to prioritize these aspects could result in foreseeable harm to the company and expose directors to potential enforcement actions by ASIC.

Boards and directors must also plan communication strategies with customers, regulators, and the market in case of security breaches. Having a clear and comprehensive response and recovery plan, along with regular testing, is crucial. Additionally, companies need to be vigilant about system breaches and exploits, even with robust defense systems in place. The speaker underscored the urgency to act immediately and recognized third-party suppliers as a significant vulnerability. Neglecting to evaluate third-party cybersecurity risks could have severe consequences, as recent events have demonstrated.”

The question arises: what should businesses do when faced with threats to cybersecurity?

How Businesses Safeguard Against Cyber Attacks

As digital transformation accelerates, the threat of cyberattacks looms larger. Businesses must proactively shield themselves by evaluating their risk exposure and taking measures to fortify their defenses. Strengthening cybersecurity involves several key strategies:

Enhancing Security Measures: Firms can enforce robust password policies, adopt multi-factor authentication, and ensure software is regularly updated to counter potential vulnerabilities.

Addressing Weak Points: Regular network scans help identify and promptly patch security flaws. Expert guidance from top cybersecurity firms like Cybernetic Global Intelligence can be invaluable in this process.

Employee Training: Comprehensive training programs empower employees to recognize and report phishing emails, social engineering attacks, and other cybersecurity threats.

Regulatory Compliance: Adhering to industry standards such as PCI DSS is crucial to ensuring businesses comply with essential regulations.

When businesses lack the expertise or resources to establish a strong cybersecurity framework, consulting cybersecurity firms like Cybernetic Global Intelligence can provide vital assistance. Cybernetic Global Intelligence, a globally accredited provider, offers a wide array of services, including:

Managed Security Services: Continuous monitoring and threat analysis enable real-time detection and response to cyber threats.
ISO 27001 Certification: Assistance in obtaining ISO 27001 certification, an internationally recognized information security management standard.
Risk Assessments and Security Audits: Thorough assessments and audits identify and mitigate cybersecurity risks and vulnerabilities.
Red Team Testing: Simulating cyberattacks to pinpoint weaknesses in a company’s cybersecurity infrastructure.
PCI Compliance Consulting: Guiding businesses to achieve PCI compliance, which is especially crucial for those handling credit card transactions.
Penetration Testing: Identifying and rectifying vulnerabilities that cybercriminals might exploit.


In an era where businesses, including those in Australia, are increasingly susceptible to cyber threats, Ravin Prasad, CEO of Cybernetic Global Intelligence, emphasizes the imperative of fortifying cybersecurity. Engaging leading cybersecurity companies, such as Cybernetic Global Intelligence, is essential. For more details on securing your business against potential cyber threats, contact us at 1300 292 376 or via email at
