Cyber crime is a systemic risk and could be the next black swan event, the head of Australia’s corporate regulator says, as senior business executives warned that companies were not sufficiently prepared for such dangers.
Advancements in technology had led to a “significant growth” of cyber crime and had an estimated global cost of $110 billion a year, the chairman of the Australian Securities and Investments Commission, Greg Medcraft, said on Monday.
Mr Medcraft, who was opening the regulator’s annual conference in Sydney, said each cyber attack was estimated to cost an Australian firm about $2 million.
He added that a cyber attack could spread quickly and have a “very dangerous effect” on the financial system.
“We are all connected now, if you have access to the internet, so the potential for systemically attacking systems, if you think about it, is enormous. The issue with cyber crime is what you don’t know you don’t know, because it is constantly evolving.
“You may never avoid it, but it is about being resilient.”
The ASIC chairman said that at a recent IOSCO (International Organisation of Securities Commissions) meeting, the actions of organisations such as the Syrian Electronic Army were raised as one example.
“It’s basically cyber terrorism, and frankly that is actually extremely scary given that we are becoming more and more connected,” he said.
The forum came a month after the Obama administration in the US unveiled its Cybersecurity Framework, a 39-page report on a plan for information sharing between the federal government and public and private critical infrastructure providers.
Mr Medcraft said ASIC would draw from some of the ideas raised in Mr Obama’s proposal, and work with regulators around the world to establish international standards on risk management systems.
Senetas high assurance security comments
In the Australian corporate regulator’s annual conference, ASIC Chairman, Mr Medcraft has significantly highlighted the need for businesses to become information security resilient. The need is compelling when we look beyond the day-to-day hackers and eavesdroppers who wish to steal valuable information such as business secrets and intellectual property as well as identities.
The Sony attack attributed to North Korea is a major example of cyber-terrorism. Security analysts have attributed that devastating event to a specifically deliberate attempt to harm the company.
As Mr Medcraft put it: “…we don’t know what we don’t know…” and that fact necessitates security resilience.
Ultimately the cornerstone of data security resilience is ‘defence-grade’ encryption. All sensitive, valuable and 3rd party data should be encrypted – at rest and when transmitted across networks. Only then may we be assured that a successful data breach will not yield the cyber-criminals anything useful.