Embedding digital trust through a focus on people, data and systems
By Charlene Loo*, Managing Director of BSI Australia and New Zealand
Tuesday, 12 December, 2023
Organisations focused on the future will be those that have the correct protocols, policies and procedures in place to keep their information safe, data secure and infrastructure robust.
As working practices continue to evolve, cloud-based and digitally reliant businesses are becoming the norm. But as digital processes adapt, the risks of cyber attacks, security breaches and human error also increase exponentially.
Given today’s cyberthreat landscape, how do organisations reassure customers, stakeholders and wider society that they can be trusted and have procedures and controls in place to secure and protect data?
Switching to cloud services can have many benefits: enabling remote working, ensuring effective business continuity and faster disaster recovery. However, introducing new services may also open up risks to security, with large amounts of sensitive data being stored by multiple third parties, potentially held and accessed all around the world.
The industrialisation of cybercrime
Consequently, we are beginning to see an industrialisation of cybercrime, with ransomware becoming a commodity service. Earlier this year, the Office of the Australian Information Commissioner (OAIC) reported a 26% increase in data breaches in the second half of 2022, including some of the largest in Australian history, affecting millions of Australians.
Such incidents come at a huge cost to organisations. Latitude Financial recently announced it was forecasting a first-half statutory loss of between $95 million and $105 million after a cyber attack “closed or severely restricted” its ability to earn income for five weeks.
The regrettable truth is that cybercrime has gone through the same rapid transformation we are seeing in our organisations in terms of the adoption of technology, with threats, risks and attacks growing in frequency and sophistication.
Major cyber attacks have the potential to outpace organisations’ abilities to effectively prevent or respond to them. So, what can organisations do to better protect their assets? When it comes to securing data, the instinct can be to focus on building a ‘wall’. But walls can be breached. Building cyber resilience is about going beyond constructing walls and employing a proficient and proactive approach to managing information as an asset. Organisations that embed digital trust and resilience through a focus on people, data and systems increase their potential to secure long-term benefits for their operations, customers and society.
Cyber resilience is about the culture within an organisation
Cyber resilience goes beyond technical controls and is largely about the culture within an organisation. Training, as well as openness and constant engagement with staff about the importance of cybersecurity, can help create a cyber-resilient culture and ultimately better protect the organisation. True digital trust can be built from the top down and bottom up through regular training and policy re-evaluations.
As most data breaches have human involvement, people can be the strongest asset in cyber-defence strategies, making it critical for leaders to bring people along with them to ensure organisations remain cyber resilient.
Ensuring these conversations are not just internal can offer the best chance of success. Maintaining the security of global supply chains is often very complex, with multiple third-party providers of cloud service platforms, technologies and information management systems to contend with. If organisations work closely with the supply chain and procurement managers across their networks, they will be well placed to protect themselves at every point.
Embedding digital trust
By adopting a robust information security posture that embeds digital trust and complies with global best practice, organisations can strengthen information security posture, support an organisation’s digitisation strategy, reduce the risks of information breaches and build digital trust in the brand.
Digital trust can be embedded into the organisation, particularly in building an overarching security framework — integrated throughout the whole organisation — and identifying processes, interactions, risk assessments and continuous improvement to ensure robust resilience.
Focusing on the future
Amid today’s cyberthreat landscape and the emergence of new technologies, having the correct protocols, policies and procedures in place to keep information safe, data secure, infrastructure robust and ultimately, make them resilient, can be key to an organisation’s future success.
When digital trust is at the heart of cybersecurity strategies, this can instil confidence that an organisation empowers its people, systems and technology to ensure safety, security, compliance, privacy and its ethical responsibilities are met.
As technology becomes ever more central to life, evolving digital transformation will not be something that we will be able to separate from how we do business, how we live or how society operates. Organisations focused on the future will be those that have the correct protocols, policies and procedures in place to keep their information safe, data secure and infrastructure robust. And ultimately, digital trust will enable organisations to accelerate progress to a digitally safe world.
Building security-centric AI: why it is key to the government's AI ambitions
As government agencies test the waters of AI, public sector leaders must consider how they can...
State government agencies still struggling with securing user access
Audit reports have shown that Australian government agencies in four states experience challenges...
Balancing digital innovation and cybersecurity in the public sector
Balancing digital innovation with cybersecurity is not an easy task; however, it is one that...