You would have had to live under a rock not to have heard about the recent Optus data breach and Optus faces an uphill challenge to restore its reputation. The hackers haven’t been found, but the Federal Government has said it was not sophisticated.
It’s easy to believe these attacks only happen to massive enterprises, but smaller companies are also targets. The Australian Cyber Security Centre (ACSC) reported an annual increase of almost 13 per cent in cybercrime in its annual report (67,500 incidents), which is one cyber-attack every eight minutes, costing business more than $33 billion.
According to ACSC, no sector was immune. Companies navigating work-from-home arrangements are especially susceptible to remote access malicious activity, and COVID-19-themed malicious cyber activity was trending last year.
Two of the most common cybercrimes impacting businesses, especially SMEs, were:
- Ransomware attacks (up 15 per cent) can cripple organisations, particularly smaller businesses when hackers encrypt devices and files and don’t allow companies access until a ransom is paid.
- Business Email Compromise (BEC), which cost the economy $81 million (an increase of 54 per cent). Criminals will impersonate recipients using spoof email accounts, update payment details and send out fake invoices.
The Federal Government has since tightened regulations for telcos to enable them to share customer data with financial institutions when required to prevent or respond to cyber security incidents and then must be destroyed. Large companies are already facing compliance and reporting requirements alongside employing Chief Cyber Security Officers (CCSOs). It’s not unusual to spend over $50 million protecting their data, but as seen this month with Optus, Uber, Telstra and Rockstar Games, it doesn’t always work.
Small businesses don’t have the same resources to protect themselves. It requires more than anti-virus software, and with the leading cause of breaches being human error, it’s increasingly likely companies will become a statistic.
If your business is insured, you might think you’re covered for loss, but insurers are tightening their policies, and expect companies will have a solid level of data protection or they won’t pay out. The losses are enormous including financial loss and reputational damage, which can destroy a small business.
There are some actions small businesses can take to mitigate the risk of cyber-attacks on their own, but to enhance security, it is worth investing in a cyber security consultant:
#1: Prevention
Set up your edge devices (firewalls, servers, wireless router connections, etc.) with software that recognises specific cyberattacks and blocks them out. It is useful to protect information constantly being updated or changed. While some good DIY tools are available to, a cyber security consultant knows how to stop cyberattacks before they start.
#2: Detection
Once your preventative measures are in place and you start blocking any incoming attacks from the outside, you may feel invincible. However, employees could unwittingly invite malware or a bug into your network when they access a site that is not trusted. A cybersecurity company can detect the breach and isolate the attack, so it doesn’t spread. This is where the experts pay for themselves – they can detect a breach instantly.
#3: Reaction
After an attack is discovered, you (or your cyber expert) must stop the attack. Once detected and isolated, a cybersecurity company that uses MEDR solutions will have a report that details the type of attack and what the best solution is going to be. Without experts working out the problem for you, you risk falling victim to a cyberattack. If ‘reaction’ is your first step, you’re already losing.
Cyber attacks represent more than just inconvenience to an SME. They can bring it to its knees, and destroy your reputation to such an extent business continuity is impossible. Investing in cybersecurity should be a must-have for small business.
