Cyber Security & Protecting Your Business

By 25/11/2021Latest

A cyber security incident that impacts a small business can be devastating. Unfortunately, those at the Australian Cyber Security Centre (ACSC) see the impact of cyber security incidents on individuals, large companies, and small businesses every day.

As part of a larger Government agenda, we all need to play a small part in the national objective of protection against cybercrime, ACSC are reaching out to small/medium business to assist with the basic foundations and techniques to protect small business against critical cyber related attacks.

During the 2020-21 Financial Year the ACSC Observed

  • Over 67,500 cybercrime reports, an increase of nearly 13% from the previous financial year.
  • Self-reported losses from cybercrime total more than $33 billion.
  • Approximately one quarter of reported cyber security incidents affected entities associated with Australia’s critical infrastructure.
  • Over 1,500 cybercrime reports per month of malicious cyber activity related to the coronavirus pandemic (approximately 4 per day).
  • More than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information.
  • Nearly 500 ransomware cybercrime reports, an increase of nearly 15% from the previous financial year.
  • Fraud, online shopping scams and online banking scams were the top reported cybercrime types.
  • There is an increase in the average severity and impact of reported cyber security incidents, with nearly half categorised as ‘substantial’.

Source: ACSC Annual Cyber Threat Report 2020-21 | Cyber.gov.au

What are the Most Common Cyber Threats

The Fake Invoice Scam or Phishing

Let’s start with arguably the most popular phishing template out there – the fake invoice technique. Phishing emails are used by cybercriminals and are created to look like official messages, mimicking phrasing and logos from well-known organisations. Phishing emails ask for various personal information, passwords, and credentials, leading to compromised digital systems.

Like many phishing attacks, this scam relies on fear and urgency, pressuring an end user to submit a payment for goods or services they’ve never even ordered or received. Time pressure emails are high risk so be aware and if in doubt verify details through a known contact. You need to know you are dealing with a legitimate authority. The Accounting and Bookkeeping community are the obvious targets for this sort of attack. Invoice fraud is quite common and can bypass security systems.

To verify if an email or message is legitimate, find a source you can trust! Visit the official website or call the advertised phone number. Do not use the contact details provided in the email or message, as these could be fraudulent also.

Business Email Compromise

Business email compromise is a type of email cybercrime scam in which an attacker targets a business to defraud the company. Business email compromise is a large and growing problem that targets organisations of all sizes across every industry around the world. These scams have cost businesses billions of dollars in potential losses.

Email account compromise, or email account takeover, is a related threat that is increasing in an era of cloud-based infrastructure. These scams are difficult to detect and prevent. They leave businesses vulnerable to attacks, potentially leading to identity theft and compromising systems with businesses experiencing significant financial loss as well as compromised access to business and loss of personal information.

Ransomware

Ransomware attacks are typically conducted via malicious but legitimate looking email links or attachments. A ransomware attack is a form of malware attack in which an attacker seizes the user’s data, folders, or entire device until a ‘ransom’ fee is paid. Ransomware attack exploits the open security vulnerabilities by infecting a PC or a network with a phishing attack or malicious websites. Ransomware are legitimate looking links but the link, when opened locks the organisations files until a ransom fee is paid. The ACSC advise is not to pay but to seek ACSC advice if this happens to your business.

How Cyber Mature is Your Business?

Use the Assessment Tool and Find Out!

See: Cyber Security Assessment Tool | Cyber.gov.au