Technology companies like SoftLabs are stepping up their cybersecurity services amid rising cyber-attacks on small and medium size businesses – where one is victimised every eight minutes – that can be staved off by arming frontline staff with technology training to detect and foil threats.
For the 2020-2021 financial year, more than 67,500 cybercrime incidents were compiled by the Australian Cyber Security Centre, reflecting a 13 per cent increase on the previous year and costing $33 billion in losses.
The spike in cybercrime targeting business during the coronavirus pandemic is tantamount to one small or medium size business operation being disrupted, or data or email being breached or compromised with malware or ransomware, every eight minutes in Australia, the recently released ACSC report said.
Small business lost an average of $9 million, medium business was hardest hit at $33.4 million on average, and large organisations copped around $19.3 million, mainly from incidents in which computers or online services were used to commit fraud.
Of 12,000 reported incidents, 18 per cent occurred in NSW.
SoftLabs’ cybersecurity consultant Sameer Pradhan says that while cyber-attacks are growing exponentially and on a frightening scale, businesses can be better protected by applying online hygiene training, particularly small and medium size businesses and the frontline staff who handle their day-to-day digital operations.
“These actors are difficult to detect, for they either operate locally or overseas and their numbers grow every day because they earn thousands, if not millions, of dollars within short hours conducting criminal activities online,” he says.
Small and medium size businesses have fewer resources to keep their operations safe from cybercrime than large corporations, Pradhan explains, but the threat of cyberattack they face is on the same level as for large companies.
In a June report, the Australian Bureau of Statistics cited factors that prevented or limited businesses from improving their technologies, including slow internet speed (13 per cent), lack of current staff with digital skills (13 per cent), staff with skills but insufficient knowledge of ICT (12 per cent) and being unsure about the cost and benefit of updating their ICT resources (12 per cent).
A staggering 78 per cent of these businesses used government financial assistance in the 2019-2020 financial year to update their technologies and, as a result, there was an 8 per cent decline in internet security breaches to their businesses in the same period.
Two years before, the online breaches reported by businesses had jumped up to 16 per cent.
But while large corporations have been spending a sizeable chunk of their annual budget on cyber safety, malicious actors have proven seemingly unstoppable in exploiting the pandemic situation, targeting vulnerable people in small business, essential services and critical infrastructure.
“There is no silver bullet to solve these rampant cyber problems such as ransomware and recently malware on mobile phone messages to millions of Australian mobile phone owners, because these actors will do anything to steal your information and your money,” Pradhan says.
“You can be a small retail business, hospital, airline, bank, restaurant or café or big shops like Woolworths and Coles, as long as you are a real person or a business with a username, password, bank account with money, a phone account and you have an internet connection, you are a potential target.”
The biggest cyber threats to all types of business include “business email compromise” or BEC, with an average $50K loss to an enterprise for every incident as companies allowed staff to work from home due to the pandemic, a 15 per cent increase in ransomware incidents, and shopping and banking scams, where 75 per cent of fraud reported resulted in substantial losses.
SoftLabs director Sreeni Pillamarri says the ACSC report was an eye-opener for every business to treat cybersecurity as a shared responsibility of management and employees, and therefore managers must be prepared to respond to incidents when they occur, and staff must have practical knowledge of what to do.
“In the traditional digital world, companies’ websites and online business data must be properly secured and to do this, they must have the knowledge to secure their systems and detect a potential cyber incident or at least know the signs if their data or accounts have been compromised,” Pillamarri says.
“Organisations can spend on top cybersecurity tools and the best anti-malware, but if one unsuspecting employee clicks an email with a phishing link, or opens a malware infected document, all their cyber defenses have just gone down the drain.
“That is why we believe as a technology company with knowledge on cybersecurity that the best defense against cyberattack is to equip staff doing frontline duties, because in cybersecurity, we always believe that the human is the weakest link.
“Like the business owners and managers, every employee has a responsibility to prevent cyber-attack happening in the first place.”
The following is a quick checklist for avoiding becoming a victim of cybercrime:
- Keep in mind that cyber criminals will target any person or industry because their fraudulent activity is “domain agnostic”. If you are contacted by email or by an unknown SMS message on your phone and it sounds like phishing and simply too good to be true, trust your gut and delete the message without clicking it, and report it to cyber.gov.au.
- Do not provide 100-point verification to any unverified online or phone contact, particularly when they ask for your passport details, bank card number, Medicare card, and driver’s license.
- Ask your bank to guide you on the latest banking security features that lock your bank account when you are not using it and only allow you to unlock it when you need to purchase goods or pay bills.
- Change your password regularly; choose hard-to-guess passwords by avoiding a pet’s name or a family member’s name; and do not use the same password for several online accounts.
- Be wary of online or social media surveys where your personal details are required and do not announce your personal details on social media.
- Conduct regular employee awareness training on practising cyber safety at work, because online security is a responsibility to be shared by all in every business.
- Businesses must keep up to date with training and information available from government agencies on the latest cyber security precautions.
- Keep in mind the potential victims of cyber hacking: those who have been hacked, those who don’t know they have been hacked, and those who will be hacked at some point in their lives.
For further details on the ACSC, how to report cybercrime and cyber security incidents and how you can protect your business from cyberattack, visit cyber.gov.au.