...
So here is some of the FUD, so you can get it all in one place, and we don’t need to talk about it much again, except where it raises questions specifically related to your business. (NOTE: There is far too much FUD online to list it all here, so I’m sticking with government and industry resources.)
I could go on and on and on with the contents on this page, but what I’ve listed is already too much. So just skim the words, or pick one or two articles to read.
Directors and Boards
ASIC, AICD, and the Governance Institute, along with many others, are really homing in on directors’ and boards’ responsibilities for cybersecurity.
https://actuaries.asn.au/docs/thought-leadership-reports/cyber-risk-gap-widens-for-smes.pdf
https://www.governanceinstitute.com.au/advocacy/effective-cyber-risk-management/
All of the types of threats
...
A newish part of the report is AI and cybercrime. This will become a much bigger area that we need to be aware of.
Small Business Cybersecurity Myths
You will come across many of these articles online listing out all the myths that small businesses are in some way immune to cyber crime - because they are too small, or don’t have any data to steal. But see below re Supply Chain Attacks, and MSPs being hacked - it may not be about you at all. These articles are just a few of the many articles on this topic.
I chose the building industry one because my background is in home building construction so I know those risks all too well.
https://www.pexa.com.au/content-hub/the-truth-about-cyber-security/
https://www.hiainsurance.com.au/news-and-education/debunking-cyber-myths
AI and Cybercrime
Australia - general page on AI that includes questions to ask about AI in your business.
...
Now, most small businesses won’t need to know anything about it, but if you have a Web App of any kind, or even just a website where users log in, then this is when you need to start knowing about these risks. I’m including it here because you may have heard someone techy mentioning the name OWASP Top Ten or Cross-Site Scripting (XSS) or Injection Attacks. But this is where you will need a Trusted Advisor to help you out with this level of detail.
War Words
As you start to read about cybersecurity, especially articles trying to raise feelings of FUD, you will come across many examples of “war words” being used. Yes, we sort of have to use the words cyber attack, and cyber crime, but we don’t need to get into the rhetoric that Australian businesses are targeted and under attack from nation state APT adversaries (just to throw all the buzzwords in there). Yes, there is some fact in these stories, but you can get the facts from elsewhere without having to read words that are really not helpful. When you come across these articles, just move on, and get some information in a much more friendly way.
Hacker Focused Words
If you are seeing articles about Advanced Persistent Threats, Remote Code Execution, Zero Day, or Command and Control, move on. Yes, you may need to know these things if you are a cybersecurity professional, but leave it up to us to explain it when and if you need to. You have enough to think about with just getting the basics right before you need to be worried about Nation State Actors (hopefully).
Here’s a glossary if you are really interested though.
Legislation and Regulation
...