Far too often in the present day, we hear of data breaches to companies across the globe, including governments and their respective organisations. A recent example is a cyber attack in New Zealand on the Waikato DHB, where a massive ransomware attack effectively shut down the DHB. Inadequacy of systems security and appropriate policies were highlighted, and the under-resourced training for DHB staff. Legacy systems were outdated by up to five years in the damning report. The attack was a severe breach, affecting patients with critical care needs and planned operations.
A more recent international ransomware attack of mega proportions is the Medibank data breach which has affected 9.7million people across Australia. Like the Waikato DHB attack, the criminals behind this have released medical information on the dark web with highly personal and confidential information. The monetary demands have not, and from what we read in the various statements from the CEO of Medibank and the Australian Federal Police, the ransom demands will not be met. As this attack is still an ongoing crime, we will yet to hear once a report is commissioned into the attack exactly what the causation of this attack was and where the weaknesses in the systems and policies of Medibank were exposed.
Agility in today’s organisations
In light of these quite real situations, I need to be adequately experienced enough to delve deeply into the content of cyber attacks and IT resilience, policies and protocols. However, the one area of recruitment we support is skillsets in risk and compliance focused on controls for risk management systems. Cyber threats and ransomware attacks made me think of some of the challenges that Chief Information Officers face in today’s organisations. In the case of the DHB, I assume that reading between the lines, a challenge is the lack of flexibility within the organisation. In a rapidly changing world, technology and the need for ease of technology have escalated massively, especially throughout the coronavirus pandemic. Companies have had to respond and adapt to ever-changing conditions, aiming to be more flexible but needing stability to maintain ongoing continuity with their customers and staff.
Risk management frameworks and why all businesses need them
Building, developing, implementing and maintaining risk management frameworks is imperative to empower a business’s agility by codifying best practices for the company to have the ability to be resilient and responsive. The risk management framework can be applied in many areas of a business. To develop the risk cycle, you need to categorise the current information and what assets need to be protected by the framework. Through this process, you consider and select the controls required to secure the assets for implementation. The next process the business must do is test these controls to assess and understand the level of security that these controls provide. If they are suitable and all weaknesses are identified and corrected, then the information system is ready to go live, and ongoing monitoring is to be conducted of the systems.
It would be interesting to understand the two examples I have highlighted as to the existing risk management frameworks that were in place at the time of these attacks, the complexity of the frameworks and the resilience and responsiveness of the organisation to respond to challenges. What will they do to reduce structure and barriers in the organisation to be more business agile to respond to challenges far quicker?
Hacking seems to be big business these days, and the need for candidate skills in the cyber and data risk space will continue to be an ongoing need for organisations. We have also seen some intensification in the upliftment of governance reporting in the technology areas of the banking, insurance and financial services organisations for which we supply recruitment services.
Some recent assignments that we have completed on behalf of our clients who have risk upliftment projects ongoing:
Senior Manager Controls Assurance
Technology Governance Manager
Data Governance Specialist
Manager, Data & Technology Risk
Head of Controls Performance
Keep a watch on our job boards here. This is not an inclusive list of all roles we are working on but do reach out as we understand our markets and where the opportunities exist for your skillset. See a Financial services overview for 2022.
Simply put, Tyler Wren finds the best opportunities for their job seekers and the best employees for their employers across Australia and New Zealand. Here at Tyler Wren, we know good people know good people. If you refer someone to Tyler Wren, whom we secure a new role, we offer a voucher of *$600. Click here to refer a friend.