Awareness is simply not good enough

 The pundits - many of whom are experts and at the cutting edge of what is "happening out there - are constantly alerting us to the ongoing risks associated with the internet.Here, in a piece in The Australian Financial Review (behind a firewall) Anthony Wong, President of the Australian Computer Society, writes:

"We are notorious as a species for thinking it always happens to someone else (until it happens to us) and for putting in place rules and regulations after the damage is done, thinking it will prevent future occurrences. But this doesn't work for cyber: the goalposts are constantly moving. Current threats evolve and new ones appear on a daily basis.
 Gemalto's latest Breach Level Index revealed that 1.4 billion data records were compromised last year, an 86 per cent increase over 2015. In Australia alone, in the last financial year, AusCERT (Australian Computer Emergency Response Team) responded to 14,804 incidents affecting Australian businesses, 418 of which involved systems of national interest and critical infrastructure.
A cyber incident at your workplace then is not an if, but a when.And when it happens, the cost can be measured in a lot more than red faces – according to the latest ACS Australia's Digital Pulse 2017 report, the average cost of a cyberattack to an Australian business is around $419,000, up from $276,000 two years earlier."And:

"Cyber resilience, then, is now a critical business process. It is the practice of being prepared. Having policies and procedures in place to deal with the inevitable breach as well as clear steps on how to minimise the impact, mitigate consequences, and getting the business back online."