Along with many businesses, Accru Felsers has witnessed the rapid pace of technology advancement. From the cloud accounting phenomenon of the 2010s, to the rise of work-from-home arrangements during and post-COVID, and more recently the scramble to implement and utilise AI, each shift has brought opportunities to leverage and risks to mitigate.
At a recent security conference, it was articulated, “There are two types of businesses: those that have suffered a cyberattack and those that are yet to. It’s a matter of when, not if.” Recently, we have seen some big names suffer devastating compromises from lax cybersecurity controls, poor user behaviour empowering credential harvesting (obtaining usernames/passwords of valid users), or diligent attacks from cyber gangs. MediSecure, Optus, Telstra (ExpressVPN), Microsoft, and many more have fallen prey.
Accordingly, the importance of resilience and minimising the impact of an attack should be a critical part of any business IT strategy. Prior to the rise of cloud computing, commercial realities meant many controls were almost exclusive to enterprises and very large organisations, where budgets allowed for redundant systems, extra security personnel, and other overheads, often leaving small businesses stranded.
Why Increase Your Cybersecurity Spend?
- Risk Mitigation: With the increasing frequency and sophistication of cyberattacks, businesses can no longer afford to be reactive. Proactive investment in cybersecurity is necessary to reduce the risk of breaches, data loss, and financial damage.
- Reputation Management: A data breach can severely damage a company’s reputation. Investing in robust cybersecurity measures ensures client trust and maintains your business’ credibility.
- Compliance and Legal Requirements: Regulatory frameworks and industry standards often mandate specific security measures. Non-compliance can result in hefty fines and legal consequences.
- Cost of Recovery: The cost of recovering from a cyberattack can far exceed the investment in preventive measures. This includes not only financial loss but also the operational downtime and increased resources required to restore normalcy.
Without adequate controls, recovery from a cyberattack may not be possible for some businesses.
Balancing Cost and Protection
Even with a near-infinite budget, businesses will never reach a zero-risk position. Therefore, every business needs its leadership team involved in an informed process of weighing the level of investment against the desired level of protection, to reach an acceptable risk position in line with the business strategy and industry norms.
While there are many frameworks and methodologies to choose from, the Australian Cyber Security Centre has developed a flexible set of controls which are appropriate for a wide range of businesses. Referred to as the “Essential Eight”, the framework ranges from a minimal set of required controls (with practical and cost-effective implementation guides built on Microsoft 365 and other vendors to fill security gaps) to more sophisticated controls for larger enterprises and government departments.
Given its adaptability, this framework is well placed to aid in the implementation of many businesses’ security goals and help shape policy around controls and acceptable practices.
Accru Felsers’ Commitment to Cybersecurity
At Accru Felsers, we have long embraced the Essential Eight framework, significantly enhancing our security posture to meet the evolving landscape of cyber threats. Our commitment to robust cybersecurity measures not only protects the sensitive data we hold but also reinforces the trust our clients place in us. As we continue to adapt and strengthen our defences, we remain dedicated to safeguarding our clients’ information and maintaining our reputation as a secure and reliable accounting firm.
To discuss any of the information above, reach out to your Accru Partner or read the Australian Cyber Security Centre’s Essential Eight framework.