Under a new cyber security initiative, Australian small businesses employing fewer than 20 people are to have penetration testing conducted by ethical hackers, funded by the Australian government.
The ethical hacking of small businesses is based on Australia’s cyber security strategy. This strategy aims to ensure that the government and private sector share more information on cyber threats. Australian universities have also been charged with training more cyber security professionals.
The Australian government has been proactive in data security and has passed the Privacy Amendment Bill 2016 into law. This law requires that organisations report data breaches and lost data to the Privacy Commissioner and customers. To ensure that businesses adhere to the privacy amendment law, the Australian government issues a fine of up to $360,000 for individuals and $1.8 million for organisations.
The Cyber Security Small Business Program is a component of the Cyber Security Strategy that has been mandated to improve cyber security for Australia's small businesses. The Registered Ethical Security Testers Australia New Zealand (CREST ANZ) received a grant from the Cyber Security Small Business Program to increase its pool of approved service providers, to satisfy the demand of businesses seeking their services.
‘Ethical hacking’, or ethical security testing or penetration testing, is hacking performed either by a company or individual to identify potential threats on a computer or network. Ethical hackers attempt to bypass system security and thus identify weak points that can be potentially exploited by malicious attacks. The findings are then used by organisations to implement measures to improve system security and minimise and eliminate potential attacks.
For hacking to be deemed ethical, the hacker must;
Cyber-attacks and breaches in large corporations are public knowledge. However, attacks on small businesses rarely become public, though they are equal targets of these attacks. Small businesses have more digital assets than individuals but less security than large enterprises, which makes them vulnerable.
A proliferation of recent cyber-attacks has caused extensive damage to governments, companies, and individuals. The recent WannaCry attack is a perfect example, where ransomware installed itself on roughly 300,000 computers and digital software in more than 150 countries. Cyber threats not only compromise sensitive company and customer data but also incur huge costs and destroy the reputation of companies.
ISO 27001 is the internationally recognised standard for information security management systems. Certification to this standard proves to stakeholders and clients that you are properly managing the security of your information systems.
Cyber security is critical today, due to the magnitude of cyber threats that companies face every day. You can use ethical hacking to determine vulnerabilities within your IT systems and implement the necessary controls to secure them. This will protect your business from considerable financial losses and a damaged reputation in case of a data breach.