In recent years cyber security has continued to be a major problem with businesses of all shapes and sizes. It is becoming more evident that former employees who leave an organisation disgruntled pose of the biggest cyber security risks for businesses.
Cyber-security expert Shane Day who is the chief technology officer at UNIFY Solutions, said companies that fail to immediately disable their former employees’ computer access are at serious risk of becoming victims of malicious “revenge” attacks on their systems, potentially costing thousands or millions of dollars to fix.
“This is a problem common to businesses of all sizes, and even governments,” he said. As Australia prepares for what Microsoft research terms “The Great Resignation” – where millions of people are planning to quit their jobs in the wake of the global pandemic the risk of cyber breaches will continue to grow.
Shane Day also outlines that research shows that disgruntled current or former employees who steal intellectual property or commit intentional sabotage are among the most expensive threats to businesses. Insider threat statistics suggest almost a third of criminal insiders commit theft for financial gain.
“Information security awareness helps with employees trained to recognise risky behaviour, but this relies on the good intentions of employees,” said Mr Day. “Unfortunately, many businesses find out the hard way that not all employees have those good intentions, particularly when they are leaving the company,” says Shane Day the chief technology officer at UNIFY Solutions.
In order to limit the potential damaged caused by former employees who have bad intentions, the Australian Cyber Security Centre (ACSC) recommends that businesses should make sure that they know exactly who can access information and limit access to information on a “need to know” basis.
According to the ACSC annual “Cyber Threat Report”, during the duration of 2020-21, cybercrime cost small businesses an average of $9,000 and medium businesses more than $33,000.
“Information security is about ensuring information is both available to those who need it, and not available to those that don’t. Identity and Access Management systems enable business owners to make decisions about creating digital access accounts, updating them, granting access to systems and – crucially – disabling users’ access,” says Shane Day.
Mr. Day encourages businesses of all sizes to work closely with their HR team and systems to make sure their cyber-security needs are covered.
“HR systems are very much a ‘source of truth’ for information about who works in an organisation, and it’s essential that a business is able to act quickly to prevent former employees from retaining access to confidential or sensitive information, or doing damage to the business’ systems,” says Shane Day.
“What many businesses, especially small to medium sized businesses – don’t realise is that there are solutions available that don’t need to involve all the bells and whistles and associated cost of an enterprise-grade system. You can get the same systems as we provide for large government departments and enterprises, configured to be good fit for small and medium businesses,” continued Shane Day the chief technology officer at UNIFY Solutions.
to the ACSC annual “Cyber Threat Report” outlined that there was over 67,500 cybercrime reports during the 2020-21 period which was an increase of almost 13 percent when compared to the figures from the previous financial year.
Across Australia, all in all self-reported losses resulting from cybercrime total an excess of $33 billion. Close to one quarter of the reported cybercrime related incidents impacted entities that are associated with Australia’s critical infrastructure.
Over 1,500 cybercrime reports of malicious cyber activity related to the coronavirus pandemic which is approximately four attacks per day.
Over 75 percent of pandemic- related cybercrime reports involved Australians losing money or personal information.
Almost 500 ransomware cybercrime reports, an increase of almost 15 percent from the previous financial year.
Fraud, online shopping scams and online banking scams were the most commonly reported cybercrime types.