Leading advisory firm BDO is urging retailers to get back to basics to ensure they stay ahead of potential cyber security breaches, after releasing the results of its inaugural cyber security survey.
The 2016 Cyber Security Survey, which was completed in conjunction with AusCERT, aims to help the market understand the cyber security challenges Australian and New Zealand businesses face, in an environment characterised by the movement of systems and processes online.
BDO National Leader for Cyber Security, Leon Fouche, said although general awareness of cyber risks had improved, organisations were relying too much on technical solutions for defending against the increased risk of cyber attacks and data breaches.
“The people and process component of cyber defences must be addressed if organisations want to improve their cyber resilience,” Mr Fouche said.
“This is particularly important in the retail industry, where staff are often the collators and/or gatekeepers of customer data, some of which can at times be quite sensitive.
“Getting back to basics and understanding the risks, defining baseline security standards to address these risks, and then enforcing these standards, while monitoring how well they are implemented, is critical to improving the maturity of a business’ cyber security posture.”
Effective supply chain management is a key focus for many businesses, particularly retailers, yet the report revealed that only around 40% of respondents had security standards and cyber risk management guidelines in place for their supply chain — including third party providers, and the cloud.
Mr Fouche said the fact that less than half of the respondents had security standards for their supply chain was concerning, considering most organisations were becoming increasingly connected to the internet and were highly reliant on third party providers and applications for running their businesses.
“Without proper security standards and oversight of the cyber security risks in their supply chain, businesses are at risk of losing control over the security of their operation,” he said.
“No retailer would launch a new product or service without understanding the market and doing some level of product testing before releasing the product. They must take the same approach to protecting their assets across every channel – understand the cyber risks within their environment, and then test and validate that they have appropriate security in place for managing these risks.
“To do this, organisations can start with the simple step of identifying the key data sources and applications they have outsourced to third parties and ensure these have effective security controls in place,” he said.
“This will provide them with insights into the cyber risks in their supply chain and what strategies they need to implement to make them more cyber resilient.”
To help retailers learn more about protecting their business against cyber attacks and improving their long term resilience, BDO’s Cyber and Retail teams are holding an exclusive information session on 22 February in Brisbane.
BDO is a global professional services firm that services a diverse range of clients, from large corporate organisations to private businesses, entrepreneurs and individuals across a broad array of industry sectors. Its Retail team uses more than just the combined knowledge and experience of its staff and partners to provide audit, tax and advisory services to clients across Australia.
Leon Fouche is a Cyber Security and Technology Risk specialist with more than 20 years’ experience. He has performed numerous senior roles within this practice area, including working extensively with the Board and C-level leaders in Government and the Private Sector.