Pay attention to the human element, cyber security expert warns
Small businesses are especially vulnerable and must balance technology budgets with spending on training.
Spending on cyber security technology is insufficient to prevent attacks and it is critical to recognise the role of human failure, according to HLB Mann Judd partner Kapil Kukreja.
“You need to get people with the right skill sets, who have got cybersecurity expertise. And plus, the training, the staff training and awareness — continuous training and awareness is really, really important.”
Mr Kukreja said that small businesses were particularly vulnerable to costly breaches through complacency and a lack of resources.
“They don’t have the adequate resources to be very frank, and they think that, ‘Okay, we are very small and what could be in it for the perpetrators to steal from us?’ ”
“[But] things like ransomware are very common for small businesses … hackers know that their systems may not be fully secure because they don't have a large amount of resources.”
The Australian Cyber Security Centre estimates small businesses comprise 43 per cent of all cyber attack targets, with the average cost of cybercrime around $39,000.
“If a system carries any vulnerability, they will be able to exploit it and use the information obtained to their advantage,” he said.
Cybersecurity has been on the government’s agenda after recent high-profile breaches at Medibank Private, Optus, Latitude Financial and law firm HWL Ebsworth.
In February, Prime Minister Anthony Albanese announced an overhaul of the government’s cybersecurity strategy, with cyber security coordinator Darren Goldie appointed in June.
“That’s a step in the right direction,” said Mr Kukreja, urging small businesses to take up the government’s new Cyber Wardens program.
“They should be actually using that to their full extent to make themselves more aware and cyber resilient.”
In his own firm, Mr Kukreja described the threat of cybercrime as a “continuous challenge”.
“We have to be ahead of the game … we are trying to implement a lot of measures including a lot of systems in place, a lot of training in terms of our people, processes, policies and procedures.”
“Cyber security is important to all of us, not just the big organisations.”