Former Queensland detective Brendan Read’s role in the high-tech crime unit opened his eyes to the growing threat of cyber crime more than a decade ago.
But – as the KordaMentha forensic practice partner tells an upcoming FINSIA podcast to be released as part of FINSIA’s Future of Finance series – that trend has continued to spiral in an upwards direction. And it does not show any signs of slowing down.
“The risk around cyber has been there for a number of years and it just continues to gather momentum,” he says.
“It’s just continued to grow and grow and grow. The problem that we’re now facing is that it’s an uphill battle to keep up with it and we’re not going to see numbers drop at all.”
When a recent survey of CEOs showed 95% of them worried that cyber threats were the greatest risk to business, phishing attacks up more than a quarter from 2019-20 and ANZ saying it was receiving eight to 10 millions attacks a month during COVID the danger of cyber attacks is clear to see.
For Brendan, it is vital business leaders understand the threat of cyber risks, especially those in banking and financial services.
“No sector is actually immune to cyber attacks,” he adds, explaining that the majority of the attacks he saw in both law enforcement and the private sector “are very much financially related”.
“So in terms of how FINSIA comes into play, your members would very much be in the firing line for some of these attacks.”
Having to adapt to a changing business landscape, whether it’s moving to cloud-based technologies, reliance on third party applications and platforms or dealing with remote working environments as part of a response to COVID, all increase the opportunity for cyber criminals, he says.
But do CEOs and Boards at these businesses have the right acumen and skills to deal with the increased threats?
“It comes down to having access to the right expertise, having an actual plan in place, an incident response plan to deal with an incident when it does happen,” says Brendan.
“That way they’re going to be in a much stronger position to deal with the incident once it actually happens and they’re going to have their operations back up and running a lot sooner.”
Brendan conceded there were businesses who were found lacking in terms of what they’re spending and doing on cyber security.
“It’s one of those situations where the business is trying to deal and manage that cyber risk as best they can, but probably don’t have a necessary enough respect for how severe that this issue can be and how crippling it can be to a business,” he said.
“Worst case scenario, some of these cyber attacks can actually take a business out of operation altogether.
“I’ve seen situations where the IT teams aren’t big enough to manage the security risks, as well as the general administration of their networks and, information governance.
“There really needs to be specific skills, specific resources brought in to manage and also respond to these types of risks. That might be bringing those resources in externally, but having a plan in place to know who they need to call as quickly as possible to get them in.”