From today, businesses are legally required to report ransomware payments.

If someone extorts payment from you by locking up your data, you now have 72 hours to tell the Government – or potentially face disciplinary action.

The rule change will apply to businesses with an annual turnover of $3 million or more; you’ll also be obligated to pay if you’re responsible for a “critical infrastructure asset” (under Part 2B of the 2018 SOCI Act). Non-monetary payments (e.g. services, gifts, or information) will also need to be reported.

Note that this change doesn’t mean you have to report every ransomware attack – just instances where a payment was made. You might still need to report under existing obligations, but small businesses are generally exempt from these.

Small businesses still need to take action

Though the new rules target larger businesses – who are more likely to pay extortioners – that doesn’t mean that small businesses don’t get attacked.

“Small business gets targeted all the time,” said IT consultant and Tech Seek founder Fil Strati.

Strati, who works with small businesses, once had a small dental clinic on his books who lost their files to a ransomware attack. All the files were infected except for the database files for their practice software. The clinic didn’t pay the ransom, and the files weren’t critical, but it was still a memorable lesson.

“[The malware] wasn’t looking for those particular files,” Strati explained. “They were lucky.”

Meanwhile, larger firms have been picking up a shift in targets when it comes to ransomware attacks.

“Our Incident Response team has noticed a shift away from ‘big game hunting’, or ransomware attacks targeting the big end of town, and towards SMEs who are generally less prepared,” said Mark Thomas, Director of Security Services ANZ at Arctic Wolf.

What you need to know

Never pay a ransom. If you do pay up, said Strati, there’s no guarantee you get your data back. And paying can tell a cybercriminal that you’re cashed up, making you vulnerable to retargeting.

Instead, small businesses should have a secure backup system in place, Strati advised.

“A lot of small-business owners will plug in an external hard drive and use that as their backup,” he explained. “But if that drive is connected, when you get infected, it will jump across to that drive as well.”

Beware of using cloud storage – that can also be infected by malware, Strati added.

As for how often you need to backup, that depends on how much data you can afford to lose. If you could lose a month’s worth of data, for instance, then maybe you only need to back up once a month.

If you are targeted – or if you have been targeted before – don’t feel bad. It can be easy to fall for a scam when you’re stressed or busy with running a business.

“It’s designed to catch you when you’re too busy,” said Strati. “We’re so busy doing what we’re doing.”

What can you do to protect yourself?

ISB asked Strati what a small-business owner can reasonably do to protect their business from a ransomware attack. Here are some steps you can take:

• Train your staff to recognise cyber threats.
• Use multi-factor authentication.
• Backup as frequently as you can afford to lose data.
• Physically separate your backups from your computer.
• Consider endpoint protection and response (EDR) software: In the event of an attack, this can help you figure out what data has been breached. Strati encourages businesses who handle sensitive data to consider this option.
• If you’re particularly concerned, consider paying your antivirus service provider for round-the-clock monitoring via a security operation centre, if your provider offers this.
• Never pay a ransom – this could just invite further extortion attempts later.
• Know who to call in the event of an attack – i.e. who owns your domain? Do you have a tech provider for your website?
• Make an emergency plan with contact details and clear steps in case an attack happens to you, so you can attack as quickly and calmly as possible.

The post New ransomware rules for businesses: Are you prepared for an attack? appeared first on Inside Small Business.

Rise in online breaches

One report, the 2025 Data Breach Investigations Report (DBIR) by Verizon Business, has revealed a surge in system breaches across the Asia-Pacific region. Malware accounted for 83 per cent of the breaches this year, and ransomware accounted for 51 per cent.

“This year’s report reinforces the growing complexity and persistence of cyber threats facing organisations worldwide. In the Asia-Pacific region in particular, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks,” said Robert Le Busque, regional VP Asia Pacific for Verizon Business. 

The report also revealed an alarming rise in espionage-motivated attacks in the manufacturing and healthcare sectors, and persistent threats to the education, financial, and retail industries. It also noted that the median ransom payment to cybercriminals amounted to US$115,000, a significant amount for many small and medium-sized businesses (SMEs).

“Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64 per cent not paying vs 50 per cent two years ago. The glass-half-empty personas will see in the DBIR that organisations that don’t have the proper IT and cybersecurity maturity – often the SME sized organisations – are paying the price for their size with ransomware being present in 88 per cent of breaches,” said Craig Robinson, research VP, security services at IDC.

According to Verizon Business, educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness” 

Bots derailing e-commerce traffic

Meanwhile, a report by application security and delivery solutions provider Radware found that automated bots – good and bad bots – accounted for 57 per cent of e-commerce website traffic during the 2024 holiday season. 

The 2025 E-commerce Bot Threat Report found that bad bots made up 31 per cent of total internet traffic during the last holiday season and nearly 60 per cent of the malicious traffic that employed advanced behavioural techniques to evade traditional threat detection. Malicious bot traffic directed at mobile platforms also rose 160 per cent between the 2023 and 2024 holiday shopping seasons.

The report also noted that this was the first time that automated, non-DDoS generating bots drove more traffic than human shoppers, signalling a critical shift in the cybersecurity landscape for e-commerce providers and online retailers.

“Bad bots are no longer just based on simple scripts – they’re sophisticated, AI-enhanced agents capable of outsmarting traditional defence,” said Ron Meyran, Radware’s VP of cyber threat intelligence. “E-commerce providers and online retailers that rely on conventional security measures will find themselves increasingly exposed, not just during the holidays but year-round.”

The report pointed out that combating these bots requires sophisticated security strategies, including accurate AI-powered detection of attack patterns, including rotating IPs and identities, distributed attacks, Captcha farm services, and other advanced anomalies, without causing false positives.

The post Small businesses facing growing threats from breaches and bots appeared first on Inside Small Business.

Despite a growing focus on the need for cybersecurity to reduce risk, a lack of experienced cybersecurity staff, underinvestment in cybersecurity solutions, and smaller IT budgets mean that SMEs are still typically more vulnerable to threats and suffer more proportionally from the results of cyberattacks than their larger counterparts. And, when hit by these attacks, the cost of recovery is crippling, and many small businesses are forced to close up shop permanently.

Worryingly, cybercriminals understand these factors and have placed a big target on small businesses.

Cybercrime goldmine

With the collection and use of data growing exponentially now that almost every business from your local gift shop to the neighbourhood mechanic has a digital footprint, the key reward for cybercriminals is data. This is particularly true for SMEs as they tend to use one service or software application, per function, for their entire operation. Given this, hackers can access multiple departments and platforms of the business, which causes a ripple effect of damages; stolen credentials could provide access to accounting software, which could then provide access to targeted financials that can be sent to the hacker’s own accounts.

As a result, SMEs have experienced accelerating rates of credential and data theft. According to Sophos’ 2024 Threat Report, nearly 50 per cent of malware detections for SMEs were keyloggers, spyware, and stealers malware that attackers use to steal credentials and data. This stolen information was then used to gain unauthorised remote access, extort victims, and deploy ransomware.

Ransomware remains supreme

Sophos’ 2024 Threat Report also found that ransomware tactics continued to evolve. Ransomware attackers were not only targeting managed service providers (MSPs) but also leveraged remote encryption at much higher rates than previously recorded. The report found between 2022 and 2023, the number of ransomware attacks that involved remote encryption increased by 62 per cent.

Furthermore, despite being small, the same cannot be said about the threats SMEs face. Sophos uncovered LockBit as the top ransomware group wreaking havoc on SMEs – a ransomware gang largely recognised as being the most prolific and harmful globally. Ransomware gangs Akira and BlackCat were second and third, respectively. SMEs studied in the 2024 Threat report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

Therefore, when stature and resources fall into favour of cybercriminals, SMEs must consider how to effectively improve cybersecurity measures while working within tighter constraints.

Shields-up defences

Enhancing cybersecurity within small businesses begins with a culture shift. Cybercriminals expect SMEs to be less prepared, without sophisticated, modern tools and solutions, so it is essential these assumptions are proved wrong.

SMEs must educate staff, deploy multifactor authentication on all externally facing assets, continually patch servers and network appliances, and consider migrating difficult-to-manage assets like Microsoft Exchange servers to SaaS email platforms. Given their smaller manpower, SMEs can also look to invest in managed detection and response solutions. These third-party 24/7 threat scanning services are provided by experienced cybersecurity professionals giving the business the peace of mind that the experts have its back.

Cybercriminals are relying on SMEs to have gaps in their security, and given the interconnectedness of their platforms and software, if attackers gain access to one part of the system, the likelihood of them wreaking damage throughout the rest of the network is high. Therefore, it is imperative SMEs take the necessary steps to reduce their risk factor and aim to be the unexpected business that is prepared to defeat cyberattacks.

The post Cybercrime: a big target on small business appeared first on Inside Small Business.

The research shows that 50 per cent of malware detections for SMEs were keyloggers, spyware and stealers, which are malware that attackers use to steal data and credentials. Attackers subsequently use this stolen information to gain unauthorised remote access, extort victims, deploy ransomware, and other nefarious activities.

The report also analysed the activities of initial access brokers (IABs) who are criminals who specialise in breaking into computer networks. What it found is that IABs are using the dark web to advertise their ability and services to break specifically into SME networks or sell ready-to-go access to SMEs they’ve already cracked.

“The value of data as currency has increased exponentially among cybercriminals, and this is particularly true for SMEs, which tend to use one service or software application, per function, for their entire operation,” Christopher Budd, director of Sophos X-Ops research at Sophos, said. “For example, let’s say attackers deploy an infostealer on their target’s network to steal credentials and then get hold of the password for the company’s accounting software. Attackers could then gain access to the targeted company’s financials and have the ability to funnel funds into their own accounts.

“There’s a reason that more than 90 per cent of all cyberattacks reported to Sophos in 2023 involved data or credential theft, whether through ransomware attacks, data extortion, unauthorised remote access, or simply data theft,” Budd added.

While the number of ransomware attacks against SMEs has stabilised, it continues to be the biggest cyber threatra to SMEs. Out of the SME cases handled by Sophos, LockBit was the top ransomware gang wreaking havoc. Akira and BlackCat were second and third, respectively. SMEs studied in the report also faced attacks by lingering older and lesser-known ransomware, such as BitLocker and Crytox.

Ransomware operators also continue to change ransomware tactics, according to the report. This includes leveraging remote encryption and targeting managed service providers (MSPs). Between 2022 and 2023, the number of ransomware attacks that involved remote encryption, when attackers use an unmanaged device on organisations’ networks to encrypt files on other systems in the network, increased by 62 per cent.

Business email compromise (BEC) attacks were the second-highest type of attack that Sophos has handled in 2023, as noted by the report. Worse, these BEC attacks and other social engineering campaigns contain an increasing level of sophistication wherein attackers are now more likely to engage with their targets by sending a series of conversational emails back and forth or even calling them rather than sending an email with a malicious attachment,

In an attempt to evade detection by traditional spam prevention tools, attackers are also noted to be experimenting with new formats for their malicious content, embedding images that contain the malicious code or sending malicious attachments in OneNote or archive formats.

The post Range and extent of cybersecurity threats facing SMEs on the rise appeared first on Inside Small Business.

In its report “Ransomware on the Move: Exploitation Techniques and the Active Pursuit of Zero-Days”, Akamai found that ransomware groups have shifted their modus operandi from phishing to vulnerability abuse in order to exploit unknown security threats and infiltrate business internal networks to deploy ransomware, targeting the exfiltration of files, the unauthorised extraction or transfer of sensitive information. This indicates file backup solutions are no longer a sufficient strategy to protect against ransomware.

Small-to-medium sized enterprises (SMEs) make up the majority of ransomware victims in the region with a reported revenue of up to US$50 million that cybercriminals are eager to target, with those in the manufacturing, business services, construction, retail, as well as energy, utilities, and telecommunications industries are at greater risk of being targeted by these attacks.

Akamai warns that unless cybersecurity standards are strengthened, organisations will continue to be vulnerable to disruption as it has been found that victims of multiple ransomware attacks were more than 6x more likely to experience the second attack within three months of the first attack

“Adversaries behind ransomware attacks continue to evolve their techniques and strategies striking at the heart of organisations by exfiltrating their critical and sensitive information,” said Dean Houari, Director of Security Technology and Strategy, at Akamai. “It’s imperative that both the private and public sectors across Asia Pacific strengthen collaboration to help organisations defend against ever-growing ransomware threats.”

“Businesses – especially SMEs – must work to adopt a zero trust architecture starting with software defined microsegmentation in order to effectively mitigate ever evolving cyber attacks as well as Ransomware-as-a-Service. By doing so, they can successfully protect their critical assets, business reputation, and ensure business continuity regardless of the type of attack tool deployed by cyber criminal gangs,” he concluded.

The post SMEs make up majority of ransomware victims appeared first on Inside Small Business.

The 2023 X-Force Threat Intelligence Index report revealed that although ransomware incidents have slightly declined by four per cent in 2022 from the previous year thanks to improved detection and prevention of ransomware, cybercriminals have also made ‘innovations’ in their efforts as well, with the average time to complete a ransomware attack dropped from 2 months down to just less than 4 days.

The report particularly noted that email thread hijacking surged in the past year, having a 100 per cent jump compared to 2021 data. Commonly used to deliver malware families regularly used in ransomware operations, email thread hijacking and other email threats have grown to such sophistication that attackers can now hijack a user’s email account by pretending to be that user with the ability to read and reply to recent emails.

In addition, the deployment of backdoors, which allowed for remote access to systems, emerged as the top activity conducted by cybercriminals during that period., with about 67 per cent of those backdoor cases related to ransomware attempts. The uptick in backdoor deployments is being partially attributed to their high market value, going for as much as $10,000 for backdoor access to a business’ internal network.

“The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term,” said Charles Henderson, Head of IBM Security X-Force. “But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”

As a result of these cybercriminal activities, many businesses suffered as a result, with 27 per cent of them underwent extortion, followed closely by data theft at 19 per cent. Manufacturing was the most extorted last year, and the most attacked for the 2nd consecutive year, accounting for about one in four attacks in 2022. Ransomware and backdoor deployments together made up more than half of all incidents observed in 2022.

Chris Hockings, Chief Technology Officer, IBM Security Asia Pacific commented, “The modern attack surfaces are becoming larger and more complex by the day, as organisations adopt cloud services and hybrid work models. Australian organisations need to manage three sub-surfaces: the digital attack surface, the physical attack surface, and the social engineering attack surface.

Hockings added, “The good news is there is technology and capability available to close the gap between a successful attack and its detection and mitigation, but businesses must drive a proactive, threat-driven security strategy. One of the fundamentals of Zero Trust is ‘assume breach’. An organisation’s response needs to swing continuously between detection and response to disrupt adversaries earlier in the attack chain and be applied across the end-to-end security environment.”

He concluded, “The US Government is driving cybersecurity standards around zero trust, which will ultimately permeate the cyber security landscape to enable more integrated protection, detection, and response motions. As these practices evolve, governments across Asia Pacific will have opportunity to mature their own standards aligned with these zero trust fundamentals.”

The post Email thread hijacking on the rise despite improved ransomware detection appeared first on Inside Small Business.

Unfortunately, for all of us, ransomware continues to thrive. Threat actors are quicker to evolve and change as the cybersecurity landscape advances. Attacks have grown significantly in both profile and impact, causing massive financial and operational damage to Australian businesses. In fact, there was a 15 per cent increase in ransomware cybercrime reports in the 2020-2021 financial year, with Australian businesses losing more than AU$33 billion to cyber-crime in this period. This increase has been associated with an increasing willingness of criminals to extort money from particularly vulnerable and critical elements of society.

As organisations become better at backing up their data and restoring encrypted files from backups, attackers have begun to incorporate additional extortion measures into their approach for demanding a ransom in return for decryption keys, to ramp up the pressure to pay.

Attackers have emailed or phoned organisations’ employees, calling them by their name and sharing personal details that have been stolen, such as details of any disciplinary action or financial or passport information, with the aim of scaring them into paying the ransom. This shows how ransomware attackers’ behaviour is shifting from technical attacks targeting systems and data, to targeting people and using coercion to force payment.

Sophos has compiled the top 10 pressure tactics used by adversaries in 2021, to help organisations improve their defences:

1. Stealing data and threatening to publish or auction it online: Attackers are publishing stolen data online for competitors, customers, partners, the media, and others to see.
2. Emailing and calling employees, including senior executives, threatening to reveal their personal information
3. Notifying or threatening to notify business partners, customers, the media, and more of the data breach and exfiltration
4. Silencing victims by warning them not to contact the authorities
5. Recruiting insiders to help breach networks in return for a share of the takings.
6. Resetting passwords after breaching the network, thereby blocking IT administrators from logging in to the network to fix the system.
7. Phishing attacks targeting victim email accounts. In one incident investigated by Sophos, attackers targeted employees with phishing emails to trick them into installing an application that provided the attackers with full access to email accounts, even after they reset their passwords.
8. Deleting online backups and shadow volume copies. During their reconnaissance of a victim’s network, ransomware operators will delete any backups connected to the network so the victim cannot rely on them to restore encrypted files.
9. Printing physical copies of the ransom note on all connected devices, including point of sale terminals
10. Launching distributed denial-of-service attacks against the target’s website: Avaddon, DarkSide, RagnarLocker, and SunCrypt have used distributed denial of service (DDoS) attacks when ransom negotiations have stalled, to force targets back to the table.

All of this may seem like a lot, but there are ways we can counter these threats. The strongest approach is to combine employee awareness with advanced security.

Businesses should implement employee awareness programs and establish a 24/7 contact point for employees so they can better identify and easily report approaches from attackers.

On top of this, constant monitoring of network security, and awareness of the five early indicators an attacker is present, helps stop ransomware attacks before they launch. Keeping regular back-ups of the most important and current data on an offline storage device and having an effective incident response plan in place and updating it as needed is also key for protecting organisations.

The post Pressure to pay: the top 10 tactics employed by ransomware adversaries appeared first on Inside Small Business.

MYOB’s Head of Information and Cyber Security Peter Wolski said that across the board, customers have felt and are highly concerned about the impact of the rise in scams targeting small businesses.

“The two types of scams we have seen on the rise and concerning for any small-business owner, are business email compromise and ransomware scams,” Wolski said. “All businesses can be targeted, but particularly those where money moves around in large quantities can be attractive to criminals, such as in the real estate or construction sectors.”

Scamwatch also reports that threats and extortion scams, including malware and ransomware, have resulted in losses of more than $10 million this year, with more than $3 million lost in the month of June alone. There have been more than 30,000 reports of threats and extortion scams and more than 13,000 reports of hacking so far this year.

Of particular concern is the business email compromise scam, in which someone sends an invoice posing as a supplier, with different payment details, putting business owners at risk of sending money directly to those who have stolen the vendor’s identity. Ransomware is another cause for concern, with scammers encrypting data found on the network they hacked and extorts the small business that owns the data for money to regain access to such data.

“We know small business owners are time-poor, however, security is as critical for businesses as insurance,” Wolski said. The most important measure is multi-factor authentication on business and personal accounts, your email provider will have this option in their settings and it’s as easy as clicking a button.

“Also stay across the scams that are prevalent, like the change in bank details for a supplier,” Wolski added. “If you get a request for a change like this, take the time to call the supplier. That phone call can save you thousands of dollars.”

The post Small businesses urged to be vigilant about scams appeared first on Inside Small Business.

While there are cybersecurity tools available that can help protect organisations from malicious attacks, ransomware is a particularly insidious threat that can be very hard to defend against. Even though organisations should deploy the strongest IT security tools they can afford, the fact remains that attacks will occur and the odds of an attack succeeding are, unfortunately high.

Adding complexity to the recovery process is the fact that attackers are now targeting backups prior to attacking production data – a victim that cannot turn to their backups for recovery is far more likely to pay any ransom demanded to get production data back.

While a cyberinsurance policy may help offset or defray some of the financial costs associated with the downtime associated with a ransomware attack, it does nothing to help get the business back operational in a meaningful timeframe. Cyberinsurance may pay for some of the losses; however, the premiums can be enormous, and it can be hard to understand exactly what’s covered under the policy. In fact, it could be possible that ransomware attackers are deliberately targeting organisations that have insurance because they know these organisations are more likely to pay the ransom.

This all leads to the conclusion that cyberinsurance should be considered a cost reduction strategy, which can be pursued after a business is back to normal operations. Infrastructure solutions that help ensure backups cannot be compromised, and more importantly, ensure data can be restored in a timely fashion, should be the primary investment and can be considered a form of self-insurance.

The right type of backups can significantly mitigate the risk of significant disruption and financial losses following a ransomware attack in the following three ways:

1. Protect backups from attack
Most backups are just as vulnerable to cyberattacks as the company’s original data. Organisations should look for solutions that can augment existing backup platforms and add an immutable layer of protection around them so that even in the event of an attacker having compromised administrative credentials they are unable to damage backups.

2. Use a fast recovery system
A cyber breach is quite likely to be the only scenario that triggers a full restore of all data.  Legacy backup (not recovery) solutions handle the backup well; however, were never designed to actually restore the data quickly. Augmenting existing backup platforms to restore mission-critical systems in a timeframe that is acceptable for getting the business operating again is critical.

3. Choose an easy-to-use solution that you can build easy processes around
When the business is under attack and stress levels are high, the last thing the IT team needs is a complex, hard-to-use disaster recovery system hindering the recovery process. Instead, it’s important to choose a solution that restores data quickly and reliably with just a few clicks – using the existing data protection software stack.

While insurance companies are still working to determine the best approach for cyberinsurance policies, savvy businesses are proactively moving to self-insure or protect themselves, from ransomware attacks. Putting the right infrastructure solutions in place will help businesses reduce their risk profile by ensuring backups are protected from attack and decreasing the time to recover from attacks. This helps mitigate the ransomware risk and reduce business impact.

The post Cyberinsurance or self-insurance: dealing with the latest wave of ransomware attacks appeared first on Inside Small Business.

For small businesses specifically, the effects of a cyber attack can be even more devastating. While these small-scale attacks may not be enough to generate major news headlines, the impact a cyber-breach has on the day-to-day running of a business, along with the fiscal ramifications, can do irreparable damage.

With many small businesses continuing to work from home, it’s important to remember the role that remote work has to play on businesses’ ability to respond to data breaches. According to a study from 2020 by IBM security, of participants who said their organizations required remote work in response to COVID-19, more than three-quarters (76 per cent) said it would increase the time to identify and contain data breaches.

In many cases, a lack of understanding around cyber security is to blame. A report from the government’s Australian Cyber Security Centre (ACSC) found almost half of SMEs rated their cyber security understanding as ‘average’ or ‘below average’ and had poor cyber security practices. One in five SMEs did not know the term ‘phishing’. Many businesses were unaware of the threats they face, with SMEs who outsource their IT security believing they are better protected than they really are.

It’s clear that in order to protect their businesses from attack, owners need to have a better overall understanding of what they’re up against. The first step is to understand the various different forms of attack, including malware, phishing, ransomware, trojan, keystroke logging, insider threats, and spear phishing.

Businesses should take the time to thoroughly research these various forms of cyber attack, and learn the techniques and best practices to protect themselves. For example, to protect from phishing, be cautious about all communications you receive, don’t open any attachments contained in a suspicious email, and never enter any personal information on a pop-up screen.

There are many solutions that a business can implement including managed security monitoring, detection and response services, annual security penetration testing, multi-factor authentication and passwordless technologies. Passwords should be rotated at the very least every 60 days, although every 30 days is even better.

Multi-factor authentication (MFA) is even more secure than passwords alone. MFA adds an extra layer of security by using two or more pieces of evidence to log in to a single location. Some common examples of MFA include an SMS message, phone call, or authenticator app to verify a browser login. Other verification factors could include personal questions, a physical object such as a security token or bank card, or fingerprint, face, or iris scanning.

In order for small businesses to protect themselves, the weak spots must be identified and eradicated before an attack occurs. This is especially true for those small businesses that are almost entirely based around online orders and digital customer data. As more and more large companies make headlines for their own cybersecurity breaches, it’s time for small businesses to make cybersecurity a priority for exactly the same reasons.

The post The real cost of cyber breaches to SMEs appeared first on Inside Small Business.