Corporate Governance: Cyber Security & Resilience in Australia

Verified

Added on 2023/06/06

AI Summary

This report identifies critical cyber security issues faced by Australian businesses, highlighting vulnerabilities arising from new technologies, human error, and advanced hacking software like ransomware and blockchain exploitation. It discusses the impact of these issues, including financial data manipulation and increased market liabilities. The report also addresses challenges in cyber resilience, such as leadership and strategic shortcomings. To ensure corporate survival, the report recommends routine access monitoring, full-disk encryption, and adherence to cyber resilience principles. These measures aim to protect financial and strategic data, mitigate cyber attacks, and improve overall data security within Australian business organizations. Desklib provides similar solved assignments and study tools for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

CORPORATE GOVERNANCE
STUDENT’S NAME:
STUDENT’S ID:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Executive Summary
This report has described the cyber security issues faced by Australian business organisations.
Based on advanced technologies the hackers can access their private financial data and business
strategic plans to take advantage of them. Additionally, the financial data manipulation has
reduced the cash assets of Australian business organisations. The lazy and ignorant nature of
employee ensures that they do not follow the relevant data security procedure in the business.
Ransom ware a type of virus that spreads in the cloud computing devices has helped the hackers
to easily access business information of the companies. Finally, the Blockchain process helped
the hackers to hack the decrypted data of the transactions and manipulate them. Therefore, the
Australian companies have faced unnecessary losses in the business. However, the rules of
Board Principles for Cyber Resilience can help the organisations to present a report regarding
their management effectiveness. Australian company can introduce long-term business strategies
regarding their report against cyber crime. Additionally, the new and advanced encryption tools
helped to encrypt the personal data in the business. This has helped to secure the financial data
from the hackers.
2

Table of Contents
1.0 Introduction................................................................................................................................4
2.0 Finding and analysis..................................................................................................................4
2.1 Identification key issue of cyber security and resilience.......................................................4
2.2 Integrate cyber security and resilience protocols to ensure corporate survival.....................7
3.0 Recommendation.......................................................................................................................9
4.0 Conclusion...............................................................................................................................10
Reference list.................................................................................................................................11
3

1.0 Introduction
The world is rapidly changing and new technologies are increasing in the market. These new
technologies are also increasing difficulties regarding cyber security. In the recent time,
Australian business organisations are facing cyber security issues. New mechanical intelligence
attracted hackers to access private data of Australian business organisations. Therefore, the
hackers can manipulate the data business organisations to take their cash assets for themselves.
The purpose of this report is to identify the key issue in cyber security and resilience.
Additionally, this report has integrated cyber security protocols to ensure corporate survival and
maintain business performance. Based on the issue regarding cyber security this study has
presented relevant recommendations.
2.0 Finding and analysis
2.1 Identification key issue of cyber security and resilience
Countering cyber risk requires proper evaluation and effective strategies. Proper evaluation can
help to identify the key issues of cyber security. This can also help to take advantage of
opportunities presented by Vast Technology. The organisations can take part in forwarding
thinking and visionary leaders to establish a strategic plan and governance structure in the
business. The Australian business organisation has faced the following issues regarding cyber
security:
New Vulnerabilities
New and advance various technologies such as cloud device, IT technology and internet services
have been introduced in the Australian market. These new technologies are constantly
developing and advanced software is introduced in the market. Based on this new software the
hackers can be able to access the cloud computing device of the organisations. Each new
technology has bought a potential for vulnerabilities for the business organisations. Therefore,
the hackers can access their private financial data and business strategic plans to take advantage
of them. Additionally, the financial data manipulation has reduced the cash assets of Australian
business organisations. Therefore, market liabilities increased and the possibility of bankruptcy
has increased in the market. In the opinion of Gupta et al. (2016, p.5), the organisations can
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

introduce new firewalls in their cloud computing device to secure it from third-party access.
However, the lack of advance firewall system has increased cyber crime in the country.
Human Nature
In case, all employees of Australian business organisations followed relevant rules and
directions, cyber crime can be reduced. On the contrary, the lazy and ignorant nature of the
employees has proved that they do not follow all procedures before securing their private data.
As studied by Buczak and Guven (2016, p.1153), the employees have to secure the data with
relevant password and firewall to restrain it from third parties. The employees clearly do not
follow this procedure in the business. This can help the hacker to gain advantage over the
business organisations. Hence, the hackers can be able to access the private data of the
organisation and manipulate them.
New and developed hacking software
As the new data security system and cloud computing system has improved the hacking software
have also improved. Based on that, the hackers can be able to easily hack old firewall tools
installed in the cloud computing devices. Therefore, hackers can seek innovative process to
commit more cyber crimes in the business. A new technique called Power Shell can use
malicious scripts that are impossible to track. Therefore, the cyber crimes are increasing rapidly
and the business organisations cannot provide relevant solution to reduce hacking of private data
in the business. As opined by Liu et al. (2015, p.1009), the new hacking software is attracting
more people to be hackers and try to take part in the cyber crime. This new software can help the
hackers to plan a newer and better attack on business industries. Therefore, market risks can
increase in the future.
Ransom ware Evolution
Ransom ware is the bane of IT, cyber security, and executive and data professionals. This a type
of virus that spreads in the cloud computing devices and helped the hackers to easily access
business information of the companies (Knowles et al. 2015, p.52). Therefore, the organisations
cannot be able to expand their business due to this virus in their cloud computing devices. Based
on that, the cyber crimes are rapidly increasing over the years.
Blockchain Revolution
In the year 2017, cyber currencies and block chains have gain high popularity. This technical
innovation helped the business organisations to transfer their money online. This process helped
5

the hackers to hack the decrypted data of the transactions and manipulate them. Therefore, the
Australian companies have faced unnecessary losses in the business. The cash assets of the
organisations have also decreased in this process. In addition to that, as stated by Gordon et al.
(2015, p.24), Blockchain revolution has provided a faster process to hack financial transaction of
an organisation.
These key issues have increased cyber crime in Australia and the business is facing market risks.
Furthermore, the issues of cyber resilience have helped the hackers to gain advantage over the
business organisations. The companies can be able to expand securities in the market based on
proper cyber resilience. However, the organisations are facing the following issues regarding
cyber resilience:
Leadership issue
The visionary leaders' views are that cyber resilience is more a matter of culture and strategy
than tactics. Being resilient requires the business organisations to be at their higher level of
leadership skills to avoid business risks. Based on high leadership skills the organisations can be
able to recognise the importance of avoiding and proactively mitigating risks. However, lack of
leadership skills has increased management risks for the business. According to Bell (2017,
p.536), cyber resilience requires experienced leaders and coordinating working environment.
Lack of leadership skills can increase cyber risks in the management. Therefore, the
organisations cannot be able to expand their security protocols in the business. In the recent time,
Wesfarmers has faced issues regarding cyber crime. Due to a cyber attack, this organisation has
reduced their cash assets in the business (Wesfarmers, 2018). This helped the hackers to gain
advantage over the organisations. Moreover, the financial health of the business organisations
can reduce in the market.
Strategic issue
Cyber security is insufficient if the challenges of digitalization can be met in the business.
Therefore, the organisations have to understand the importance of data protection in the business.
Based on that, the companies can be able to improve their cloud computing devices in the
business. However, it has been clear that business organisations required establishing a relevant
strategic plan that can direct the employees of the business. Additionally, the organisations can
secure the data in a password protected device to ensure their privacy in the business. In
accordance to Joiner (2017, p.74), based on an advance strategic plan and governance structure
6

the business organisations can be able to introduce new security protocols in the business.
However, human nature and leadership issues have increased the difficulty to present proper
strategic plan for the business. Therefore, hacking has increased and the possibility of
bankruptcy has increased in the future.
2.2 Integrate cyber security and resilience protocols to ensure corporate survival
Due to high number of advanced hacking software, the business organisations are unable to take
legal action against cyber crime. Therefore, the business industries have to introduce next
generation innovative process to reduce cyber crime in the business. Additionally, the
organisations can be able to expand their financial health in the Australian market by reducing
cyber crimes. In the opinion of Fielder et al. (2016, p.13), the organisation can be able to
improve their security in the management based on advance cyber security protocols.
Routine Access Monitoring
The Australian business organisations can be able to control the protected financial and strategic
data based on routine monitoring. The Board of Directors has to introduce restrictions and
guidelines for the employees. Moreover, the organisations have to perform a relevant
investigation of the employees to understand their potential. In case the management understands
any employee is not following the relevant rules and regulation they can take strict action against
them. The Rio Tinto Group has introduced this new process in the business as they faced cyber
risks in the business (Riotinto, 2018). This guarantees that none of the employees is disobeying
the regulation of the organisations. As opined by Cherdantseva et al. (2016, p.1), the
organisations can improve their security protocol by reducing employment issues in the business.
Based on that, the companies can be able to secure their private data in a password protected
system. Therefore, third parties cannot be able to access the financial data and financial risks can
reduce in the business.
Full-disk Encryption
Full-disk Encryption (FDE) is one of the new and innovative processes to reduce cyber crimes in
the business. Additionally, the organisations can be able to store their personal data in the cloud
computing device based on Full-disk Encryption. This is a quick and inexpensive method to
secure private information by encrypting it (Ben-Asher and Gonzalez, 2015, p.51). This system
can alleviate the impacts of stolen cash assets by restraining reporting needs and fines. The
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

encryption process in of Full-disk Encryption (FDE) in advance and it is difficult for the hackers
to decrypt it. In the recent times, National Australia Bank has introduced this innovative idea in
their business to ensure data security in the business (Nab, 2018). Based on that, the Australian
business organisations can be able to reduce cyber attacks. Similarly, the organisations can
protect their business information from hackers. Additionally, the encrypted data can help to
restrict it from other employees reach.
Maintain cyber resilience principles
The rules of Board Principles for Cyber Resilience it is clear that the organisations required
maintaining all 10 principles of cyber resilience to improve their security (World Economic
Forum 2017). During high leadership issue and strategic issue, the organisation cannot be able to
protect their financial data. The principles of cyber resilience are as the following.
Responsibilities for cyber resilience: The Board of Directors has to set the ultimate
responsibility for the employees regarding cyber risks and resilience. Based on that, the
employees can understand the process to secure business organisations private data.
Additionally, as stated by Cavelty (2014, p.705), the companies can be able to take legal action
against cyber crimes in the business.
Command on the subject: The board members have to provide cyber resilience orientation to
the employees after joining the management. Additionally, the Board of Directors has to provide
regular update on the recent cyber threats in the business. In the opinion of Beaumont (2018,
p.497), the board members can update the recent cyber threats with proper advice and assistance.
Based on that, the employees can be prepared for any cyber crimes in the future.
Accountable employee: Board members have to ensure that one employee is accountable.
Based on that, the employee can present a report regarding the company’s capability to manage
cyber crimes in the business (Iannacone et al. 2015, p.12). Furthermore, the board has to ensure
that transparent and honest employee can access the board regularly. Therefore, the employee
can provide the updates to the board members.
Integration of cyber resilience: Board has to ensure that the management integrates cyber
assessments and cyber resilience in the business strategy. Therefore, the employees can follow
the procedures of the companies.
8

Risk appetite: The board can annually define and quantifies risk tolerance regarding cyber
resilience. This can ensure that cyber resilience is consistent with risk appetite and corporate
strategy.
Risk assessment and reporting: The employee selected by the board can present an
understandable and quantified assessment regarding cyber risks. Based on the report the board
members can provide relevant strategic plan for the employees.
Resilience plan: Board has to ensure that management supports the selected employee’s report
regarding their capabilities. Based on the report the board can introduce a long-term business
plan to maintain advance cyber security in the business.
Community: The board has to encourage the management to collaborate with their stakeholders.
This helps to ensure systematic cyber resilience in the business.
Review: Based on the report of selected employee an independent cyber resilience review has to
carry out annually. Therefore, the board can understand the progress regarding their cyber
security from year to year.
Effectiveness: The annual review of cyber resilience can help the business organisations to
determine their management effectiveness. This can help the organisation to maintain high
security protocols (Elmaghraby and Losavio (2014, p.491).
3.0 Recommendation
Based on the above security protocols recommendations regarding cyber resilience are
High leadership skills: The Australian business industries can hire high skilled employees as
team leader in the management. Based on highly skilled and experienced employees the
organisation can be able to reduce employment issue in the business. The leaders can encourage
employees to follow relevant rules and regulation in the business. Therefore, personal data can
be secured in the cloud storage devices.
Follow Board Principles for Cyber Resilience rules: Australian business organisations if
follows the 10 board principles the organisation can be able to improve their security protocols in
the business. Additionally, the business organisations can determine their management
effectiveness against cyber crimes.
Advance encryption tools: FDE is a quick and inexpensive method to secure private
information by encrypting it. Australian business organisations can be able to reduce cyber
9

attacks. Similarly, as influenced by Rodriguez et al. (2015, p.1620), the organisations can protect
their business information from hackers by using advanced encryption tools in the management.
Improved strategic management: Based on the board principles of Australian business
organisation can present a report regarding their organisational capabilities. In case board
understand their management operation has decreased in the business then they introduce a new
long-term business plan to reduce cyber risks in the business. As influenced by Alexeev et al.
(2017, p.23), the organisation can be able to improve their security protocols by establishing an
effective governance structure and strategic plan.
4.0 Conclusion
It can be concluded that cyber security is essential for the business organisations to reduce cyber
crimes. The new technologies have bought vulnerability for the business organisations.
Moreover, the lazy and ignorant nature of the employees has proved that they do not follow all
procedures before securing their private data. Based on new hacking software hackers can be
able to easily hack old firewall tools installed in the cloud computing devices. However, the rules
of Board Principles for Cyber Resilience can help the organisations to present a report regarding
their management effectiveness. Australian company can introduce long-term business strategies
regarding their report against cyber crime. Therefore, the companies can be able to take proper
action against the hackers. Similarly, the cyber attack can reduce in the future.
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Reference list
Alexeev, A., Henshel, D.S., Levitt, K., McDaniel, P., Rivera, B., Templeton, S. and Weisman,
M., (2017), January. Constructing a science of cyber-resilience for military systems. In NATO
IST-153 Workshop on Cyber Resilience (pp. 23-25). Available at:
http://ceur-ws.org/Vol-2040/paper4.pdf [Accessed on 3rd August, 2018]
Beaumont, P., (2018). Cybersecurity Risks and Automated Maritime Container Terminals in the
Age of 4IR. In Handbook of Research on Information and Cyber Security in the Fourth
Industrial Revolution (pp. 497-516). IGI Global. Available at:
https://www.igi-global.com/chapter/cybersecurity-risks-and-automated-maritime-container-
terminals-in-the-age-of-4ir/206794 [Accessed on 3rd August, 2018]
Bell, S., (2017). Cybersecurity is not just a'big business' issue. Governance Directions, 69(9),
p.536. Available at: https://www.mcgrathnicol.com/app/uploads/cybersecurity-sme-october-
2017.pdf [Accessed on 3rd August, 2018]
Ben-Asher, N. and Gonzalez, C., (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, pp.51-61. Available at:
http://www.academia.edu/download/42320447/Effects_of_cyber_security_knowledge_on_a2016
0207-26129-1m9ln49.pdf [Accessed on 3rd August, 2018]
Buczak, A.L. and Guven, E., (2016). A survey of data mining and machine learning methods for
cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), pp.1153-
1176. Available at: https://ieeexplore.ieee.org/iel7/9739/7475979/07307098.pdf [Accessed on
3rd August, 2018]
Cavelty, M.D., (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715. Available at:
https://www.researchgate.net/profile/Saeed_Ullah_Jan2/post/What_are_current_trending_topics_
in_Cybersecurity/attachment/5a72e68c4cde266d5887ee48/AS
%3A589166148587521%401517479564706/download/02.pdf [Accessed on 3rd August, 2018]
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
(2016). A review of cyber security risk assessment methods for SCADA systems. Computers &
security, 56, pp.1-27. Available at:
11

https://www.sciencedirect.com/science/article/pii/S0167404815001388 [Accessed on 3rd
August, 2018]
Elmaghraby, A.S. and Losavio, M.M., (2014). Cyber security challenges in Smart Cities: Safety,
security and privacy. Journal of advanced research, 5(4), pp.491-497. Available at:
https://www.sciencedirect.com/science/article/pii/S2090123214000290 [Accessed on 3rd
August, 2018]
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, pp.13-23. Available at:
https://www.sciencedirect.com/science/article/pii/S0167923616300239 [Accessed on 3rd
August, 2018]
Gordon, L.A., Loeb, M.P., Lucyshyn, W. and Zhou, L., (2015). Externalities and the magnitude
of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb
model. Journal of Information Security, 6(1), p.24. Available at:
https://file.scirp.org/pdf/JIS_2015010710521369.pdf [Accessed on 3rd August, 2018]
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI Global. Available at:
https://www.researchgate.net/profile/Shashank_Gupta35/publication/
303722441_Reviewing_the_Security_Features_in_Contemporary_Security_Policies_and_Model
s_for_Multiple_Platforms/links/574f989a08ae10b2ec05620b.pdf [Accessed on 3rd August,
2018]
Iannacone, M., Bohn, S., Nakamura, G., Gerth, J., Huffer, K., Bridges, R., Ferragut, E. and
Goodall, J., (2015), April. Developing an ontology for cyber security knowledge graphs.
In Proceedings of the 10th Annual Cyber and Information Security Research Conference (p. 12).
ACM. Available at:
https://www.researchgate.net/profile/Robert_Bridges3/publication/300525722_Developing_an_
Ontology_for_Cyber_Security_Knowledge_Graphs/links/58cfe3d2a6fdccff68e31122/
Developing-an-Ontology-for-Cyber-Security-Knowledge-Graphs.pdf [Accessed on 3rd August,
2018]
Joiner, K.F., (2017). How Australia can catch up to US cyber resilience by understanding that
cyber survivability test and evaluation drives defense investment. Information Security Journal:
A Global Perspective, 26(2), pp.74-84. Available at:
12

https://www.tandfonline.com/doi/abs/10.1080/19393555.2017.1293198 [Accessed on 3rd
August, 2018]
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., (2015). A survey of cyber
security management in industrial control systems. International journal of critical
infrastructure protection, 9, pp.52-80. Available at:
http://daneshyari.com/article/preview/275730.pdf [Accessed on 3rd August, 2018]
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M. and Liu, M., (2015), August.
Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security
Symposium (pp. 1009-1024). Available at:
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-liu.pdf [Accessed
on 3rd August, 2018]
Nab, (2018), About Us, Available at: https://www.nab.com.au/ [Accessed on 3rd August, 2018]
Riotinto, (2018), About Us, Available at: https://www.riotinto.com/ [Accessed on 3rd August,
2018]
Rodriguez, L., Curtis, D., Choudhury, S., Oler, K., Nordquist, P., Chen, P.Y. and Ray, I., (2015),
October. Action Recommendation for Cyber Resilience. In Proceedings of the 22nd ACM
SIGSAC Conference on Computer and Communications Security (pp. 1620-1622). ACM.
Available at: https://sutanay.github.io/publications/2015_acm_ccs_demo.pdf [Accessed on 3rd
August, 2018]
Wesfarmers, (2018), About Us, Available at: http://www.wesfarmers.com.au/ [Accessed on 3rd
August, 2018]
World Economic Forum (2017), Advancing Cyber Resilience: Principles and Tools for Boards,
Available at: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-
Tools.pdf [Accessed on 3rd August, 2018]
13