Typically, we associate doomsday scenarios with nuclear weapons or the Four Horsemen of the Apocalypse — who could predict that they might in fact be digital?
It is impossible to escape that our world is now reliant on technology. The recent WannaCry ransomware attacks have highlighted just how vulnerable our way of life has become.
With more than 300,000 people affected by WannaCry in more than 150 countries — just the most recent example of malware gone wild — this is not a wake-up call. We’ve been there, seen it and done it before — there is nothing left to wake up to. This is the reality of our technology-dependent society and it is telling that it has been predicted many times over, with little action taken.
Naturally, we have the benefit of hindsight — but as a society, we typically react after the fact rather than prepare.
One example is the crippling impact of WannaCry on Britain’s National Health Service, where cost-cutting measures led to the continued use of older, vulnerable and unpatched versions of Windows — and while the NHS is not to blame for being targeted, it does hold responsibility for not ensuring its systems were adequately up to date.
This is a lesson for all organisations — there’s a duty of care to consider when procuring and maintaining ICT systems. While cost is an ever-present factor, issues of accountability, ethics and legal liability must also be considered whenever technology decisions are made. This is not a new revelation; it is an essential building block when deploying ICT systems.
Cybercrime is already the leading financial crime in Australia, with the average cost of an attack to an Australian business now reaching about $419,000, according to the Australia’s Digital Pulse 2017 report released last week by the ACS.
If you or a colleague are accountable in your organisation for the security of your business-critical systems, ask yourself: is this a cost the organisation can bear?
Despite continued news coverage of malware, ransomware and cryptoware attacks, awareness among C-suite executives remains low — only 6 per cent consider cybersecurity a critical issue, a statistic highlighted in the ACS report Cybersecurity: Threats, Challenges, Opportunities, released in November.
The lesson is simple: when we sacrifice security on the altar of expedience or cost, we leave ourselves vulnerable to attacks that will increasingly have unforeseen consequences. This is an issue that will compound exponentially as we see the adoption of emerging technologies like the internet of things (IoT). In a world consisting of billions of devices all connected through networks, the impact of malicious software could be catastrophic. Such a future might not come to pass if IoT devices were designed with security from the ground up, but to date, many IoT solutions sacrifice security for functionality or simply don’t consider it at all.
It’s key for both government and business to ensure attacks are reported and shared in order to allow other organisations to prepare. And it’s not all gloom and doom.
The 2017 Australia’s Digital Pulse report highlights cybersecurity as one of several opportunities for government to play a part. There’s also a role for business, with economic modelling suggesting a greater focus on cybersecurity by Australian business could increase investment by 5.5 per cent.
Anthony Wong is president of the ACS and a technology lawyer.
Reader comments on this site are moderated before publication to promote lively and civil debate. We encourage your comments but submitting one does not guarantee publication. We publish hundreds of comments daily, and if a comment is rejected it is likely because it does not meet with our comment guidelines, which you can read here. No correspondence will be entered into if a comment is declined.