We’ve all heard stories about the good ol’ days, when our parents (or maybe you?) wouldn’t even lock the door as you left the house. Security just wasn’t a concern.
Times change and in the real world those days have well and truly passed. In the digital world, security is also no longer a given, but many businesses and even whole industries are clinging onto a world that just doesn’t accept reality.
PwC’s 26th Annual Global Cybersecurity Survey indicated that for Australia, attacks on connected devices would be the largest cyber threat for organisations this year. Even just brief moments of down time in a healthcare setting can lead to significant consequences for patients, staff and reputations.
In recent years, there have been cases where patients have been severely impacted due to these types of threats coming to life. In 2021, a newborn in the US received fatal brain damage which it is claimed was a result of ransomware locking down critical equipment which impacted the hospital’s ability to appropriately monitor the baby’s heart rate.
In another heartbreaking situation, a German woman’s ambulance was diverted away from the closest hospital due to a ransomware hit and ultimately this 1 hour delay in receiving treatment led to her death.
For a recap on possible security threats, you can explore the Australian Government’s guide. Here’s the few that we see most commonly:
Account/email compromise – Where people gain unauthorised access to your log ins like banking or email, and use that access to steal money, goods or information. Similar to online identity theft.
Data breaches – Like we saw with Optus and Medibank, this is where personal information is released by accident or as the result of a deliberate security breach.
Hacking – unauthorised access to a system or network, to action a data breach or to manipulate their behaviour (you might be familiar with the one where your friends post all those raybans for sale on their social media accounts, linking to a scam site?).
Malicious insiders – Threats aren’t always from the Russian or Nigerian syndicates that initially come to mind. Instead they can often be from a nefarious person that has legitimate access to your systems like an employee or contractor.
Malware/Ransomware – These are types of software that harm your computer system or network. In some cases a ransom is requested to free your system, hence the name ransom-ware.
Scams – 1 in x people can’t detect an online scam when it’s presented to them. Whether it’s an email from Austpost rather than Auspost about your missed delivery, or a google ad promoting a too-good-to-be-true sale at countryrd.com.au. Scammers imitate legitimate websites and emails with genuine looking branding to make themselves falsely appear genuine.
The healthcare industry often falls victim more than other industries to ransomware, with some reports suggesting as many as 60% of victims actually agree to pay ransoms. The desperation of this industry to retrieve their data and access systems in an attack means they’re willing to pay as there can literally be lives on the line.
This desperation doesn’t go unnoticed by the cybercriminals either, and has lead to a significant level of targeting of the healthcare industry.
So what can you do?
PwC’s survey indicated that 74% of business leaders would be increasing cybersecurity budgets in the year ahead. They would also be improving governance and reporting lines as well as boosting resilience through identifying and protecting critical business processes. So, maybe you should be making 2024 the year to prioritise your cyber security?
At Xenex Systems, we follow the Australian Government’s cybersecurity framework, Essential Eight. It’s based on world-class best practice and approaches protection in your business in a logical and impactful way.
The application is really quite simple when a professional is engaged, we’ll run a free audit of your systems and then provide a plan that will likely cover.
We’re here to help you use technology for smarter business. Let’s chat about prioritising your cybersecurity today today.