Experts at a security round table event in Sydney yesterday said business owners are too focussed on what's going on now, inside their businesses, and not looking at outside threats. As a result, when events such as WannaCry and NotPetya strike, they are unprepared and get hit hard.
Monica Schlesinger, Principal of Advisory Boards Group International, said it's not just small businesses that are being hit. The NotPetya event hit a number of large businesses, including Cadbury. Their factory in Tasmania was shut down following the attack.
Schlesinger said, "Every business needs to have a clear strategy in place when it comes to cyber security, and formation of that strategy has to start at board level. The strategy must take into account the evolving threat environment and clearly outline the steps that will be taken to minimise the risk of attack."
That lack of focus might change in the new year when the Mandatory Breach Notification laws come into effect. David Higgins, ANZ Country Manager at WatchGuard Technologies, said, "Senior management has to be aware of its responsibilities and realise that security can no longer simply be left to the IT team. They have to take a top-down approach".
While 2013 may have heralded the era of the mega-breach - triggered by the breach at Target in the United States but followed by a number of targeted attacks resulting in the theft of billions of personal records - 2017 might well be the start of the cyber-event era.
Today's threats are broad in scope and designed to extort money (like WannaCry) or simply cause chaos and disruption (NotPetya). But are businesses really paying attention and putting steps in place to protect themselves?
If WannaCry was an alarm, it's clear many businesses hit the "snooze" button when NotPetya struck.