22nd June, 2017
Forty-three percent of all cyber attacks in 2016 were directed at small businesses. In 2011 this figure was just 18 percent.
While it may be the big-business attacks that hit the headlines, due to the vast amounts of data being compromised, smaller businesses provide cyber criminals scope to make an easy buck.
“Small businesses don’t typically think it will happen to them,” said MYOB’s Head of Information and Cybersecurity, Christie Lim. “They see cyber attacks in the news, but they’re usually related to data breaches of big businesses like Sony, Target or eBay.”
The focus on the big breaches in the news leads smaller businesses to think that they’re safe from hackers.
But Lim said smaller businesses’ inattention to cybersecurity, combined with enterprises’ increased cybersecurity, has led to criminals switching targets.
“‘Lazy criminals’ look for easy targets. They get in quick, get some money and they get out,” she said.
“It’s the same mindset that may lead a thief to rob a house instead of a bank. The prize may not be as big, but it’s easier to get.”
The risk/reward scenario has shifted for cyber criminals – and small businesses are increasingly in the crosshairs.
Lim said the most common form of attack against a small business was a phishing attack via email. Phishing attacks are designed to get you to give away your password or credit card information.
For example, you may get an official-looking email saying your password has expired and you need to reset it.
You’re then directed to a fake page to reset your password. Part of the process includes inputting your current password, which means you unknowingly hand over your password to hackers.
But Lim says phishing has taken on a new dimension over the past few years.
“Phishing attacks now come with nasty malware such as ransomware,” said Lim. “In the past the emails would have been designed to ask for personal information.
“Nowadays cybercriminals have moved on to ransomware, which is designed to lock your personal files within your system. They then ask for a lump sum of money ranging from 500USD to 5000USD.”
Without the files the cybercriminals have locked away, a small business simply can’t function – so they’re likely to pay. Sometimes more than once.
“Despite the federal police’s advice not to pay the ransom,” said Lim, “the record shows even after you pay the ransom you may not get the key to unlock your file.
“In addition to that, the evidence shows that once you pay, cybercriminals know you’re willing to pay so they’ll come back to target you again.”
While the range of potential attacks against small business may be varied, there are some commonsense things small businesses can do to protect themselves as best they can.
Lim has four simple tips:
“Security professionals have come to terms with the fact that an incident isn’t a matter of if, but when,” said Lim.
“I like to think cybercriminals are no different to criminals we deal with day in day out. If your house doesn’t have a security camera, but your neighbours’ houses do – then you’re the soft target in your neighbourhood.
“It’s very easy for the hackers to do a general network scan, and then identify which company has very few security controls. Metaphorically speaking, this is like leaving their front door wide open.”