Cyber crime is becoming one of the raging issues for the businesses in Australia. It is difficult to assume the accurate figure of how much the businesses are expending due to the enhancement in the cyber crime. The increase in the cyber crime causes disruption in business and results in information and revenue loss. Besides the private sector, the government of Australia is also concerned about the amplification of the issues related to cyber crimes. Consequently, the business organizations as well as the government of the country are striving to develop cyber security policies and implement them within the business organization and in the country (Valli, Martinus and Johnstone 2014).
The Australian Cyber Security Centre (ACSC) has amalgamated all the cyber security capabilities that were prevailing across the Australian Government into a single location. CERT is the Computer Emergency Response Team of the country and is the contact point for all the Australian businesses that are affected by cyber security issues. All the major Australian businesses including the owners of the critical infrastructures or any other systems that is of national interest who becomes subject to cyber security issues shall contact CERT for assistance and support against such cyber threats. The Australian businesses are under statutory obligation to act in compliance with the cyber security framework (Stuart 2016).
- To identify the kinds of threats posed by cyber crimes in Australian Businesses
- To recognize the challenges faced by cyber security for businesses in Australia
The scope of the project is to recognize the challenges and the issues related to cyber security faced by the Australian businesses and the legal statutes or policies that have been enacted or developed by the government of the country with a view to safeguard the business organizations from the cyber threats (Brookes 2015). The business corporations shall be at an advantageous position if they act in compliance with the cyber security provide by the government of the country. The literature review shall also entail useful information about the types of challenges that are being faced by the business organizations due to the enhancement of the cyber crimes. Further, the information includes the huge amount of money that is incurred by these business organizations to maintain the advanced cyber security systems. Moreover, the information provided about the different methods that would safeguard the businesses from being subjected to cyber crimes.
Concept and Impact of cyber crime in Business in Australia
The cybercrime refers to the crime committed using computer devices and the internet to act in contrary to the law. Some of the common cyber crimes include online frauds, identity fraud, theft, and hacking of websites and computer systems. Cyber crime attacks lead the companies to spend hefty amount as per the unclassified report of the Australian Cyber Security Centre (ACSC). As per the report of the ACSC, the businesses that are mostly subjected to cyber crimes include Banking, Communication providers and Energy providers.
In Australia, most of the business is dependent on the Internet for their everyday activities. All the critical and vital information are being stored in the online storage systems known as ‘cloud’ such as the information about the details of the company, the personal information about the members of the organization, the financial details and other useful an vital information of the company (Wall 2015). It has become a common practice for the hackers to hack such digital information of major companies and threaten the companies to cause damage to their reputation. To compromise with company data is a serious issue for any company and the corporations are required to be cautious and adopt reasonable measures to prevent such cyber crime.
Cyber activities that are malicious in nature pose a security challenge for all the businesses being operated in the country and all over the world. The Australian organizations across the private and public sectors have been subject to frequent cyber attacks. In fact, major multinationals overseas and governmental organizations have suffered immense loss of sensitive and personal information causing significant damage to the business and its goodwill (Sarre 2016).
The most common cyber security issues faced by Australian Companies
Recently, in 2016, major companies like Yahoo and Snapchat have been subject to significant cyber attacks that had caused substantial damage to the privacy data of the companies and have affected their reputation as well. Given that the country has a stable economy and a very internet friendly society, it is no surprise that it attracts a good opportunity for the cyber criminals to hack the digital information. The most common forms of the cyber related activities that causes damage to the reputation of the company are as follows:
- Number of fakes- the number of fakes is increasing that causes reduction in the trust of the people in the internet and businesses. This implies that it becomes difficult for the businesses to build trusts with the customers. Fake advertisements are becoming common for the hijackers to hijack the websites.
- Email frauds- Due to the fakes appearing all over the internet, the hijackers are provided with greater accessibility to the machine learning tools, which gave rise to fake email frauds. The cyber criminal usually target those individuals who are conferred with greater financial responsibility within the business and deceives that individual to transfer the funds into a fraudulent bank account.
- App store malware- the increase in mobile ransomware allows hackers to have access to credit cards and bank accounts.
- Authentication scheme- people usually use the same passwords for various accounts and cyber criminal depend on the previous history of previous passwords and access their accounts.
Concept of cyber security
In order to combat with cyber crimes, multi-disciplinary affair that aims at preventing cybercrime from taking place in the first place and minimizing its impact after it takes places. This is known as the practice of cyber security. Although it is a fact, that cyber security is constantly developing with the increase in the cyber crimes, but in case of failure of the cyber security, it would cause violation of user accounts and publications of passwords and names (Scully 2014). The cyber crimes usually deal with financial gain, theft of government intelligence or critical business infrastructures. Further, the incline in the occurrence in the malicious cyber activities, it is posing a threat to the national security, economy and foreign policy of the country.
Challenges of cyber security
Since the systems and people have become connected significantly, the value and quantity of information that is available online has enhanced as well. This has also led to an incline in the attempts made to exploit and steal such information. This establishes the fact that the cyberspace and the opportunities it offers pose a significant threat (Clough 2015).
The most substantial challenge that cyber security faces is the humans themselves. Multi-faced creatures who are merely concerned about their influences, agendas, beliefs and their faults, characterize the human. They give more priority to their own interests and agendas and wisdom have time to think about others (Hooper et al. 2013). Even the strictest system can be hacked by using the social engineering. A user who is convinced to provide his login details over the phone to some unknown person; an innocent click on any email link or being convinced to provide personal information, cannot be prevented from falling into the trap of cyber enabled activities. Under such circumstances, no secure network or security software or firewalls can prevent such cyber activities.
In a recent research made by the University of Germany, it has been reported that more than half of people simply click on links that have been sent by strangers despite being aware of the fact that such messages or links could easily hack their personal as well as other essential information.
Further, it can be observed that although cyber security is all about defending the technologies used by businesses in the contemporary world, but it also defends individuals. However, the due to the unawareness or casualness that people exhibit while accessing websites and social networks, they fall prey to the advanced cyber enabled activities which causes loss of valuable information as well as psychological distress. Therefore, it is important to understand and recognize the threats posed by the cyber crimes to avert such crimes.
Another significant factor that poses a challenge to the cyber security in the contemporary world is the increase in the targeted attacks- from violation and email distribution of socially engineered ransomware with a view to cause harmful attacks on the critical infrastructure like energy networks. Data manipulation is another significant challenge that encompasses cyber security today. This refers to the controlling of the machines or providing wrong/manipulated information to human operators without their knowledge (Yar 2013).
An intrusion vector refers to the path that gains access to a target and the common intrusion vectors include malicious links and emails sent, attachments, fake websites that download viruses and through unsecured wireless hotspots and weak passwords. Malicious actors use intrusion vectors with a view to exploit human behavior (Ko and Choo 2015). They usually create an email that contains malicious software, which is based on the interest of the person targeted in order to attract the target to open such vector. The actors usually manipulate such persons to disclose confidential information and such target is ether chosen through social media or cyberspace.
Lack of proper education and awareness is another essential factor that poses a challenge to the cyber security. It has been observed that professionals like lawyers and doctors hold prestigious positions but have incompetent knowledge about the cyber security. Education includes incorporating cyber security at workplace to inform people of the risks associated with the cyber space.
Another essential factor includes lack of collaboration amongst the individuals and authorities that are responsible to prevent any form of cyber attacks. On the contrary, the attackers work together as a team and they work exceptionally well in that they share their knowledge and skills and develop new hacking techniques.
Impact on Business
The Cyber Security Strategy lays more emphasis on the damage that is caused to the business due to the malicious cyber activity especially, theft and manipulation of the company data and other relevant information (Shackelford 2014). Although the contravention and hacking of the company information brings the organization under the limelight and attracts media coverage, but if such information is or trade secrets is compromised by competitors or they become subject to the ‘hactivist attacks like Sony that was allegedly caused by the North Korean hackers’, it would cause substantial damage to the business organization. The cyber-enabled activities shall affect the directorial duties as well as the requirements of annual director report disclosure, hence, the directors are required to exhibit care ad diligence while exercising their duties.
The Australian Securities and Investment Commission (ASIC) has stated that cyber resilience is regarded as high-risk area that shall be taken into consideration in ASIC’s surveillance programs of regulated entities. Hence, the business organizations are required to comply with the regulations. The Australian Securities Exchange recommended that listed entities must review the effectiveness of the management framework. The Privacy Act  (Cth) (Privacy Act) requires all private sector and non-for-profit organizations whose annual turnover is more than $3 million to take reasonable steps in order to safeguard the personal information from being lost or misused.
The establishment of the Cyber Security Strategy by the Australian Government aimed at implementing the following five themes of action in the next four years to 2020:
- Stringent cyber defenses;
- National cyber partnership
- Cyber smart nation;
- Innovation and growth;
- Global influence and obligations;
The government shall provide substantial resources with a view to improve its own cyber security facilities, which would require recruitment of cyber security specialists in every governmental departments and agencies. given that the cyber attacks are usually conducted through the weakest link and that the hackers target the individuals by accessing the connected networks, therefore, the government is required to provide guidance to the government agencies with a view to continuously assess the security risks associated with such agencies (Shafqat and Masood 2016).
The Cyber Security Strategy provides a wide scope for development in the cyber security sector. The private sectors are required to co-design the national voluntary guidelines on cyber security. The government shall develop a national plan to improve the cyber security of the country as a part of the National Innovation and Science Agenda. The government aims at:
- Recognizing the cyber technology gaps for the industry;
- Coordinating and linking with a national cyber security innovation network and the cyber security innovation hubs overseas;
- To invest in the national cyber security framework and infrastructure;
From the above discussion, it can be inferred that although there are several threats associated with cyber security in Australia, but there are technological opportunities that would enable the country to combat such crime-enabled activities. On one hand, it is the technology that has led to an incline the cyber crime rates all over the world, on the other hand, it is the same technology that provides opportunities to prevent the same. Technology provides new ways of conducting business operations and presents new business and economic opportunities. In order to prevent cyber crimes and ensure cyber security it is important that cyber security form an essential part of the conversation in every business organization so that it is considered in the decision–making process of the organization. Every business organizations must ensure that they have best practice policies, an efficient IT auditing and a responsible staffs for cyber security operations. Further, in case of a breach, the faster it is responded to the greater is the possibility of lessening the loss, whether it is reputational or financial. Lastly, sharing the results of the cyber breach with government and industry shall prevent an unknown hacker from hacking the organization’s information.
Valli, C., Martinus, I. and Johnstone, M., 2014, January. Small to medium enterprise cyber security awareness: an initial survey of Western Australian business. In Proceedings of the International Conference on Security and Management (SAM) (p. 1). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
Stuart, D., 2016. Defence mechanism. Company Director, 32(6), p.40.
Brookes, C., 2015. Cyber security: Time for an integrated whole-of-nation approach in australia. Indo-Pacific Strategic Papers.
Brookes, C., 2015. Cyber security: Time for an integrated whole-of-nation approach in australia. Indo-Pacific Strategic Papers.
Sarre, R., 2016. Hacked: Digital innovation comes hand in hand with cyber security.
Scully, T., 2014. The cyber security threat stops in the boardroom. Journal of business continuity & emergency planning, 7(2), pp.138-148.
Broadhurst, R., Grabosky, P., Alazab, M., Bouhours, B. and Chon, S., 2014. An analysis of the nature of groups engaged in cyber crime.
Hooper, C., Martini, B. and Choo, K.K.R., 2013. Cloud computing and its implications for cybercrime investigations in Australia. Computer Law & Security Review, 29(2), pp.152-163.
Yar, M., 2013. Cybercrime and society. Sage.
Crawford, T.A.M. and Evans, K., 2016. Crime prevention and community safety.
Ko, R. and Choo, R., 2015. The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues. Syngress.
Shackelford, S.J., 2014. Managing cyber attacks in international law, business, and relations: In search of cyber peace. Cambridge University Press.
Yu, S., Wang, G. and Zhou, W., 2015. Modeling malicious activities in cyber space. IEEE network, 29(6), pp.83-87.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Fourie, L., Pang, S., Kingston, T., Hettema, H., Watters, P. and Sarrafzadeh, H., 2014. The global cyber security workforce: an ongoing human capital crisis.
Clough, J., 2015. Principles of cybercrime. Cambridge University Press.
Wall, D.S., 2015. The Internet as a conduit for criminal activity.
Vakhitova, Z.I. and Reynald, D.M., 2014. Australian Internet users and guardianship against cyber abuse: An empirical analysis. International Journal of Cyber Criminology, 8(2), p.156.