It may not surprise you to learn that in an increasingly interconnected digital world, cybercrime is on the rise.

Accelerated by the proliferation of the internet, multi-device ‘work-anywhere’ flexibility, digital ecosystem complexity, and cyber criminals who have become devilishly more sophisticated, cybercrime is an epidemic that costs Australia an estimated $42 billion annually.

What may surprise you is that 95% of cybersecurity issues are caused by human error, according to the World Economic Forum Global Risks Report.

Most of us have done it – absent-mindedly clicked on that link or pop-up ad that looked so genuine. And a few seconds later, we get that sinking feeling, kicking ourselves for a momentary lapse in judgement. You can be compliant, with the optimal cybersecurity ecosystem and protocols in place, but it’s your people, empowered by a culture of cybersecurity, that are your first and best line of defence. We need to bring cybersecurity out of the shadows and into the light.

Step 1. Build steadfast foundations on a culture of cyber awareness

Organisations need to think about their cybersecurity like fortifying a castle. You can't just build a defensive wall and think, "It's built. I’ll go and do something else now." You need to protect the castle, the sky above it, the ground beneath it and the people in the fields outside it.

Your fortress could have the thickest firewalls and a seemingly impenetrable security infrastructure and still experience a breach via a little mobile phone in one employee’s pocket, another’s weak password, phishing susceptibility or an inadequate backup practice. Today organisations need well-trained archers patrolling the battlements and risk-aware soldiers ready to deploy at a moment's notice.

Hackers are incredibly good at deception. And the era of AI is likely to make them even deadlier. Creating and embedding a culture of confidence and awareness around cybersecurity ensures that your workforce:

  • Understand the prevalence and cause of cyber breaches and are prepared for ‘when’ not ‘if’ they take place.
  • Feel cyber-confident and supported to develop secure behaviours, or speak up without fear if they make a mistake.
  • Make cybersafe practices second nature, in all settings (office, hybrid or remote).

Rather than seeing cyber training as irksome compliance, our experience is that staff appreciate the “life skill” as they feel empowered to protect their personal information, navigate the digital world safely, and mitigate the risks of cyber threats in both personal and professional settings.

While user awareness safeguards the perimeter, if cybercriminals are determined to breach the castle, they probably will, and you need to be prepared for that too.

Step 2. Assess the risks and shore up your defences

Once you've increased awareness and mentally prepared your employees for a potential breach, it's crucial to conduct tests and strengthen your security measures. This starts by understanding your risk posture, then mitigating and strengthening it through a series of assessments of your infrastructure, applications and policies.

Cyber hygiene and resilience testing and reporting is key. Vulnerability assessment and management will highlight weak points in the castle, classify risks and prioritise the remedial actions needed to strengthen the walls. This due diligence allows you to tune up the cybersecurity strategy, develop the roadmap to compliance and put in place governance frameworks, risk monitoring and incident response plans.

In essence, effective cybersecurity weaves together customised layers of protection that, all together, move the dial toward optimal cybersecurity. This was certainly the case for Datacom customer Synlait, the dairy giant whose complex ecosystem and dispersed sites were akin to a grand castle complete with multiple towers, walls and structures. This Synlait customer story outlines the multi-faceted program and sequence of measures (including comprehensive user awareness) that is required to help protect the assets, information and data of a global business.

While the cloud is an incredible enabler of modern working freedom, it also presents a more complex ecosystem to protect. The castle perimeter is always on the move, and ever expanding, for starters.

Cybercriminals are increasingly targeting cloud environments, according to the CrowdStrike 2024 Global Threat Report, which stated that cloud environment intrusions increased by 75% from 2022 to 2023. These attackers often exploit legitimate cloud accounts and public-facing applications to gain access, aiming to discover and misuse higher-privileged accounts. While a zero-trust architecture presents a sound security strategy (by minimising access by demanding continuous verification), organisations increasingly need to invest in advanced monitoring and detection tools to identify and mitigate threats in real time. This is where AI tools can excel.

Don’t forget about AI – the powerful sentinel in the watchtower

Artificial intelligence (AI) helps protect your cloud ecosystem by offering advanced real-time monitoring and threat detection capabilities. By using machine learning to sift through and analyse vast amounts of data so swiftly, AI can identify unusual patterns and potential security breaches in a fraction of the time. This enables better proactive defence measures, allowing for immediate responses to potential threats.

Additionally, AI's predictive analytics can foresee potential vulnerabilities and attack vectors, thereby predicting, and possibly preventing, incidents before they occur. The improved real-time threat detection and response greatly strengthens cloud security, helping to safeguard data and applications against continuously changing cyber threats.

Datacom's GM Hybrid Cloud Solutions Michael Pratt says when an organisation loses $1.3 million in the average data breach, it is little wonder that cybersecurity is one of the top priorities and greatest challenges our customers face today. Organisations need to accept that incidents will occur and be ready to respond fast, limiting the damage in the process.

Step 3. Increase business resilience and prepare your ready-reaction force

The optimal cybersecurity strategy embeds business resilience into the castle in the form of sound security management to protect, detect, respond and recover. In the face of a skills shortage of cyber professionals, having the ready-reaction force (the soldiers in the wings) to remediate, re-build the castle wall(s) and get back to business faster is challenging for many organisations.

This is where leaning on your cybersecurity partner for support is key. A shift to their SOC (Security Operations Centre), for instance, will strengthen your cybersecurity army with theirs, and provide 24/7 monitoring with an arsenal of the most up-to-date cloud- and AI-enabled threat detection and incident management services.

Cloud enablement is also key to resilience. In the event of a cyber attack or incident, cloud technology enables rapid replication of essential infrastructure and reduces downtime. Considering that it can take organisations around 24 crippling days (on average) to bounce back from a ransomware attack, swift remediation is crucial.

Datacom understands the complexities of cybersecurity and can help businesses cut through some of that complexity and understand what is needed to protect their people and data. Our cybersecurity practice is organised into three categories with user awareness interwoven into each area:

  • Assess – Understand risk
  • Assure – Mitigate & Manage risk
  • Consult – Elevate & Improve

Action checklist – how do you measure up?

User Awareness Training

  • Implement a comprehensive training program to educate staff on the fundamental principles of personal cybersecurity, ensuring they understand how to protect themselves and the organisation.

Incident readiness program

  • Develop a readiness program to prepare end-users for responding to cybersecurity incidents, enabling swift and effective action in the event of a threat.

Threat response policies

  • Establish clear processes and policies for responding to various threats, ensuring a structured and consistent approach to incident management.

Endpoint security measures

  • Deploy endpoint security measures to intercept and neutralise potential threats at their entry point into the organisation, preventing incidents from escalating.

Risk simulations and testing

  • Conduct regular risk simulations, testing, and reporting to evaluate the effectiveness of security measures, identify vulnerabilities, and reinforce the organisation's cybersecurity posture.