Cyber security is a top concern for business owners in the 21st century. With cyber attacks on the rise, it’s more important than ever that you know how to protect your business, and what cyber threats you should be on the lookout for.
Why Australian businesses need to be aware of the latest cyber threats
If you don’t believe your business is large enough to be the focus of a malicious cyber attack, you’d be wrong.
Cyber security is constantly evolving, and cyber criminals are always looking for new ways to subvert security systems and to exploit individuals, organisations and government agencies for their own benefit. And because many small-medium businesses don’t employ the same kind of sophisticated cyber security measures as larger companies, they are easy targets for criminals.
The damage a cyber attack can cause to a small business goes beyond financial losses. If a cyber attack is successful and your customers’ data is compromised, this could have serious consequences for your reputation and your customers may lose their trust in you.
Recent cyber attacks in Australia
These are some of the headline-making cyber attacks in Australia in the past year.
1. Toll ransomware attack, February
Toll Group, one of the largest transportation and logistics companies in Australia, was targeted by a ransomware attack. Toll confirmed that as many as 1000 servers were compromised. Toll would not be the only large Australian business to become the victim of a ransomware attack in 2020.
2. The ‘sophisticated, state-based’ attacks on Australian government agencies, June
A number of ongoing cyber attacks against state agencies and institutions, as well as local governments, were brought into the public eye. Prime Minister Scott Morrison said that ‘Australian organisations are currently being targeted by a sophisticated state-based cyber-actor.’
3. Transport NSW exposes drivers’ licences, August
More than 54,000 NSW drivers’ licences were exposed in a data leak. The licences were exposed on an open Amazon Web Services cloud storage service.
4. Spotless ransomware attack, October
Spotless, a facility management service that has worked with the Australian Government Department, was hit by a ransomware attack.
The worst offenders: popular types of cyber attacks against Australian businesses
The Australian Cyber Security Centre (ACSC) quoted some pretty scary figures in its 2019-20 report.
It reported that Australians had lost more than $634 million to scams in 2019 alone. And while the report states that the real cost of cyber crime is difficult to pinpoint, industry estimates reckon that the cost could be as much as $29 billion annually.
So, what are some of the biggest cyber threats Australian businesses have faced in the past year?
5 common cyber threats faced by small businesses in 2020:
1. Malware
Malware is a general term used to describe malicious software attacks. These include viruses, worms and trojans, among other things.
Malware can have huge impacts on a company, as it can be used to cause damage to devices and steal data. It can also be used in more subtle ways, like creating a backdoor into a system so cyber criminals can access the system without being detected. This allows them to spy on the system and steal data.
It’s especially important that small businesses understand how to identify and protect themselves against malware threats, because it’s not just the business’s data that’s at risk. If a cyber criminal gets hold of your customers’ information, or that of your suppliers, it’s going to cost you more than money to solve the problem. Your business’s reputation will be sorely damaged, and it might be difficult to repair it.
2. Ransomware
The ACSC report states that ransomware has become one of the most significant threats due to the massive impacts it can have on businesses as well as government agencies. ‘Recovering from ransomware is almost impossible without comprehensive backups,’ the report warns.
One of the reasons why ransomware attacks have become so prevalent is that they can prove to be very lucrative for cyber criminals.
Ransomware is a type of malware that is used to encrypt files. Then, the cyber criminal will demand a sum of money (or something else valuable) to decrypt the files. It’s recommended that business owners don’t pay the ransom, as there is absolutely no guarantee that the criminals will decrypt the data for you once you’ve paid the amount.
3. Phishing
The goal of a phishing attack is to trick you into believing that what you’re seeing comes from a real, legitimate contact or entity so that you’ll supply sensitive information – such as passwords or bank details.
Phishing attacks pose just as much of a threat to businesses as they do to individuals. A phishing attack could come in the form of an email, a text message, a direct message or another form of communication.
Most small businesses will have at least one email account, as well as a few social media accounts. These are all vulnerable points. But you can lower the risk of falling victim to a phishing scam by limiting the number of employees who have access to these accounts, and making sure that you don’t open messages or emails from unknown sources.
4. Supply chain attacks
A supply chain attack (also called a third-party or value-chain attack) happens when a cyber threat invades a system through a third party that has access to that system. These types of attacks are becoming more frequent. For example, if your business’s supplier does not have strong cyber security measures in place, and this supplier also has access to some of your systems, then this supplier could act as a weak link in your cyber security perimeter. Supply chain attacks can affect businesses of all sizes.
We’re not saying that you might have a saboteur on your payroll, or that your Marketing Manager is committing cyber espionage. But without the proper training and knowledge around cyber security and cyber threats, your employees could be a risk to your business.
The ease with which small businesses can be compromised is demonstrated in the ACSC report: ‘ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign.’
While cyber security is everyone’s personal responsibility, employers do owe it to their staff (and their business) to ensure that employees are educated and aware of the latest cyber threats and how they can help prevent cyber attacks.
Where can I learn more about cyber security?
Open Colleges has teamed up with AIICT (Australian Institute of ICT) to bring you the Certified Cybersecurity Professionals course.
This course has been developed to teach those with little IT experience the fundamental skills and knowledge needed to identify and protect against cyber threats.
Protect yourself, your employees, your business and your customers. Learn more about the Certified Cybersecurity Professionals course now.