Cyber attacks are on the rise and business cyber security in Australia is more important than ever before, whether you’re an SME, an individual or a large corporation. According to the Australian Cyber Security Centre report a cyber crime is reported every ten minutes, with Queensland and Victoria being the most targeted states.
Small to medium sized enterprises often feel they’re flying under the radar because hackers only focus on the big fish. In fact, the opposite is true: cyber criminals are more likely to go for easy targets. They’ll assume massive corporations have all the necessary precautions in place, while Bob’s Tyre Shop will be much easier to hack into and steal sensitive customer data.
Australian businesses need to work on the assumption they’ll be a target of a cyberattack at some point. Looking at the stats, it’s a case of when, not if, so preparation is vital.
Think of it this way: If your neighbours’ homes in your suburb keep getting broken into, what do you do? You boost the security on your own home. Put in some CCTV or an alarm system. It’s the same with cybercrime: the statistics show the attacks are dramatically increasing, so you need to increase your business cybersecurity.
Types of Cyber Attacks in Australia
Cyber crime is a broad term. It could refer to that dodgy Nigerian prince who’s convinced Aunt Maisy he’s going to give her a million dollars (hint: he’s not), or sophisticated Cross-Site Scripting that hijacks a web browser. Here’s a few of the more common types that are compromising the cyber security of Australian businesses today:
Phishing: Emails or websites are created to look like they belong to a legitimate company. People are tricked into inputting their sensitive information, which is then stolen by the attackers.
Ransomware: This form of attack is on the rise, with data showing Australian and New Zealand companies have the highest reported rate of Ransomware attacks. Ransomware is a type of malware designed to block users from accessing their system by encrypting files. Money is then demanded by the attacker in order to restore the system.
Distributed Denial of Service (DDoS): An overwhelming amount of web traffic is sent to an online service, exhausting the bandwidth. This makes it difficult to use or causes it to crash entirely.
Man-in-the-Middle (MITM): The attacker basically positions themselves between two parties, impersonating both sides when they have a conversation or perform a transaction or data transfer. By intercepting data moving between the two parties, altering it and resending it, they manipulate the situation to collect sensitive information.
Cross-Site Scripting (XSS): Attackers inject malicious code into a web server. It allows them to hijack a user’s web browser, monitor their online session and collect their passwords or data this way.
Spyware: Software is unwittingly installed into your computer or device that literally spies on your internet usage. Sensitive information can be stolen in this way, including credit cards, bank accounts, passwords and login details.
Zero-Day Exploits: Big software providers like Microsoft sometimes have a vulnerability that they don’t yet have a fix for. This is called a Zero-Day vulnerability. Zero-Day exploits attack this vulnerability before the developer has come up with a patch for it.
Effects of a Cyber Attack On Your Business
The upward trend of cyber crime in Australia should be a concern for you and your business. Taking precautions now is far less costly than being a victim of an attack. From privacy concerns to massive financial loss, it could take your business a number of years to recover from a large cyber attack.
Financial Costs
This is what people sit up and take notice of. We all run businesses to be profitable and support our families, so when we hear cyber attacks cost Australian businesses more than $29-billion per year (Source: Security Brief ), it hits home.
The costs can come in many forms, including:
Extortion costs: Many companies affected by Ransomware end up paying the attackers their ransom request.
Loss of income: Cyber attacks can cause your entire business to shut down, particularly if you’re online-based. You’re going to lose turnover and probably customers as a result.
Notification and mitigation costs: You’re going to have to notify anyone who’s information was compromised in a cyber attack on your business. You will also need to keep the negative effects of the attack minimal, which may require direct communication with affected parties.
Legal Problems
Individuals and businesses don’t take kindly to their data being compromised. It’s a massive privacy issue and could have adverse outcomes for business deals and processes. If you’re seen as negligent in any way, your business could face costly legal challenges.
Reputation damage
A survey by Ping Identity shows that 74% of consumers would abandon a brand if it experienced a data breach and nearly half of respondents won’t use an online service after a data breach. That’s a pretty large jumping of ship right there.
Your reputation suffers and you lose customers following a data attack, but there could also be extensive PR costs to try and regain the trust of the public. All-in-all, a situation best avoided.
Productivity
Cyber attacks are time-consuming in so many ways, presenting massive disruptions to your normal business day. Maybe you can’t access any of your files or folders, maybe your entire network is down and none of your staff can work. Productivity slumps drastically and it’s going to take a while to get things back to normal.
How to Protect Your Company Against Cyber Attacks
It’s easy to get overwhelmed by the statistics and begin to fear the worst for your business. In this case, fear isn’t a bad thing because it’ll inspire you to boost your cyber security. Let’s cut through the noise and look at some real-world security measures you can implement to protect your business.
Team Awareness
Nearly 90% of cyber attacks are a result of human error of some sort, according to this article. Let that sink in a bit, because it’s a huge stat. It means the easiest (and cheapest) way of boosting your defences is to make sure your staff are aware of the risks of cyber attacks.
Staff need to be trained how to conduct themselves so they don’t appear an easy target, what to look out for and how to deal with cyber threats when they pop up.
There should also be protocols guiding them on how to use the work network and supplied technology, both in and out of the office.
Secure your Network with Strong Passwords
Passwords are your main line of defence against hackers. Strong passwords that are changed regularly are a simple and extremely effective method of helping secure your data. Don’t settle for easy-to-remember passwords either, they should be unique and difficult to guess, with a mix of numbers, symbols and upper-and-lower case letters.
Two-Factor Authentication
Two-Factor Authentication is a simple security method that adds an extra security step upon login. So instead of just inputting your password, you’re also prompted to input a one-off code. This code could be texted to you, emailed, or come through an app like Google Authenticator. 2FA is an effective way to control phishing threats.
Employ a Next-Gen Firewall
More advanced than a traditional firewall, this uses a combination of advanced technologies to protect your company network.
Stay Updated and Compliant
Once you’ve secured your business network, staying compliant helps you prevent cracks showing in the foundation you’ve built. The cyber world is complicated and ever-changing, but by keeping abreast of the rules, regulations and latest standards you’ll help ensure you’re one step ahead of hackers and cyber attackers.
If you keep your software, devices and web browsers up-to-date, you’re ensuring you’ve got the latest security from the developers installed too.
Having a Managed Services Provider looking after your company IT gives you the advantage of having IT professionals ensure you’re compliant, backed-up and up-to-date. Based in Brisbane, Smile IT are an IT services company that can help you take steps towards securing your business from cyber attacks this year. Get in touch here for more information or give us a ring on 1300 766 720 if you would like to talk to one of our staff members about business cyber security in Australia.
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!