5th March, 2020
Cyber attacks have plagued individuals and businesses online for over thirty years, but a cyber security expert says these threats may soon begin to overwhelm businesses.
Limitless access to information and seamless social connectivity have made the internet an invaluable resource, particularly for businesses.
Unfortunately, unparalleled connectivity also allows sensitive data to be accessed and manipulated by thieves and fraudsters.
In 2019, cybercrime-related losses in Australia amounted to an average of $890,000 a day. With this in mind, common sense dictates business owners remain on their toes.
In this article, we provide some tips for making sure your business is protected. But first, let’s take a closer look at the problem at hand.
Despite the Australian Cyber Security Centre receiving thousands of malware reports every day, evidence suggests there’s a disparity between real-world cyber attacks and businesses’ expectations.
Paul Watters, a professor in cyber security at La Trobe University, said that the malware attacks we’re familiar with are slowly dying out.
This may sound like good news, but traditional malware is being replaced by more sophisticated systems.
These emerging technologies are giving criminals the ability to launch new kinds of attacks, such as AI-driven identity theft.
“We’ve seen a natural evolution of the sophistication of a whole range of known attacks,” said Watters.
“Rather than sending out mass spam campaigns to a whole range of random users, attackers are becoming more focused on particular cohorts.
“The ANU [Australian National University] data breach is a good example – a large team appears to have spent several months writing customised zero-day malware to target vulnerabilities in the ANU systems.”
Watters has closely monitored cyber security trends since establishing Australasia’s first cybercrime research laboratory in 2006. He now believes the problem lies in businesses failing to stay informed about advancements in cybercrime.
“I think there are a lot of new technologies and new attack vectors, but my view is that most businesses are not doing enough to reduce the risk.
“Attackers know this – I understand that most businesses do not invest in cyber security, therefore their attacks are increasingly more sophisticated but also more successful.
“This trend will continue for the foreseeable future.”
Businesses shouldn’t feel too overwhelmed with possibilities, though.
Watters recommends first investigating how cybercrime affects your particular industry and making plans from there.
“First, companies need to understand the cyber risks specific to their industry.
“There’s no point investing a huge amount of money into treating cyber threats if you don’t know where your vulnerabilities are.
“If your business doesn’t have a dedicated cyber security team, then perhaps consider hiring a virtual CISO.”
CISO stands for Chief Information Security Officer – a senior executive role whose responsibilities include managing and maintaining the integrity of a business’s critical information, whether that’s sensitive customer data or the company’s own financial data.
Whether they can afford to hire an experienced CISO or not, businesses should be particularly wary if they regularly manage large amounts of sensitive information, as businesses in such industries are prized by cybercriminals.
And certain industry sectors may be more at risk of being targeted than others.
“Healthcare and education seem to be particular targets at the moment, because of the very rich data holdings that these organisations have,” Watters said.
“A lot of this data can be used to undertake subsequent attacks against banking and financial services.”
Not every business has the resources to hire a full-time or remote cyber security professional, however. For these businesses, Watters has a few simple tips to help prevent malicious attacks and information theft.
“There are some obvious things that everyone should be doing, like not using the same email address and password on different sites, especially if your business depends on the cloud.”
Social media similarly plays a huge role in avoidable information theft, largely due to users being so free with personal information.
“It’s when business owners disclose personally identifying information, such as their full name, birthdate, mother’s maiden name and so on – these are the credentials that banks and other financial institutions use to identify their customers.”
If you’re in a tizz about your business’s security and are unsure where to go from here, Watters has a solution to get you started.
“My suggestion would be to engage a consultant who might be able to come up with a plan that aligns to an international standard.
“Companies can then monitor their progress against meeting the requirements of the standard.”
In the meantime, be sure to familiarise yourself with a few simple ways to prevent online order fraud.