Tens of thousands of vulnerabilities and limited contingency in business, Deloitte finds
Cybersecurity scanning tools are often picking up thousands of vulnerabilities in a single company, Deloitte testing has found.
It comes as a cyber breach at a multinational logistics company shut down four ports responsible for 40 per cent of Australia’s imports and exports. The DP World breach, which halted four ports in Brisbane, Sydney, Melbourne and Fremantle over the weekend, left a backlog of 30,000 containers which would not be cleared before Saturday.
Deloitte risk awareness partner David Owen said finding that many vulnerabilities was not uncommon and most companies weren’t prepared to deal with outages that lasted beyond a few days.
“I still see quite a few organisations with a lot of known cyber vulnerabilities when they run a discovery tool. It’s not uncommon to see 20,000 to 30,000 individual cyber vulnerabilities,” he said.
Most companies only planned for short-term outages, leaving staff in a stressful environment should systems not be returned within a short period.
“Most business continuity plans that we see typically assume that core business systems are back on within 48 or 72 hours,” Mr Owen said. “That’s OK in simple events but we have seen ransom incidents where core systems are off five to eight weeks.”
In a bid to get ahead of the curve on outages and cyber breaches, some companies were going back to pen and paper, said Deloitte supply chain consulting partner Chris Coldrick.
Some businesses were coming up with plans to last several weeks without access to core systems and trying to get as close as possible to normal operations.
“Some companies are planning to operate in a compromised state that lasts four to eight weeks,” he said.
However, operating in a compromised state could mean giving up half your revenue, he said.
Australia’s ocean freight industry was susceptible to a number of variables that could affect delivery times, from bad weather to outages, Mr Coldrick said. Some businesses would see intermittent log jams at various stages from docks to the warehouse, and those awaiting chilled products would feel the impact of disruptions the most.
“Chilled product delays do see shelf life impact that does have a more material impact because you can’t mitigate that with inventory,” he said.
When outages did occur, the nation didn’t have the manpower to get through long delays and jams or to move more containers than usual as needed.
“Labour has been a problem in most of the countries I’m aware of for a while and it was the big topic of discussion as we emerged from Covid,” he said. “Generally it’s safe to say in those professions we’re not overwhelmed with excess capacity so there isn’t a big casual force who can come back into the sector and provide surge capacity if it’s necessary.”
Mr Coldrick said much of the freight being shipped to Australia for Christmas would have already arrived and any disruptions would likely affect businesses in January.
“The sheer size of the Christmas peak means you have to start the stock build quite a few months in advance,” he said. “Most of the companies I work with are not so worried about Christmas, most of that has been taken care of.”