The number of cyber security attacks perpetrated globally increased by 48% to 43 million in 2013, with the average loss soaring over 30% to surpass $3 million.
The most interesting aspect of the report, released by PwC’s Advisory team, is that smaller organisations are increasingly being targeted, due to investment from larger entities in making their systems more difficult to penetrate. Small and medium enterprises often have insufficient controls to monitor and combat incoming threats, or in some cases, such controls are non-existent, making it impossible to accurately quantify the number of threats mounted and the value of damage caused.
Complacency, according to PwC’s Australian Lead Partner for Cyber Security, Steve Ingram, is also a major issue, with business owners believing that the risks of cyber-attacks are insignificant, or that their business is a low value target. However, this is likely to be a key factor for hackers in selecting potential targets. It is worth noting that across businesses of all sizes, 48% of respondents reported that their perception of the risk posed to their business by cybercrime had increased over the past year. This risk appears to be justified, with major organisations including J.P. Morgan, Australia Post and the ABC being penetrated recently.
Common cyber-attacks include phishing expeditions, where an email is sent purporting to be from a bank, utility provider or courier service claiming to need you to “confirm” your personal details in order to provide a service to you, and ‘crypto-ransomware’ attacks, where an email prompts you to open an attachment, which in turn downloads a virus that encrypts your files, preventing you from accessing them. This was exemplified in the recent attack on Australia Post.
The ‘usual suspects’ – foreign states and criminal organisations – are still responsible for a large proportion of cyber-attacks. However, attacks are more likely to originate from inside the business, either through an employee unwittingly being duped by a phishing or similar scheme, or by a disgruntled employee.
In light of these findings, it is more important than ever to be vigilant against risks of cybercrime. All small businesses should have a plan in place to manage sensitive information stored on their networks, and be able to effectively recover that information if necessary in order to minimise disruption to their operations.
The best advice for avoiding such attacks is vigilance. You should not open attachments in emails that you weren’t expecting or that are from unknown sources. You should check the sender’s email address to verify the message’s authenticity. If the sending address is a foreign address or a ‘free’ address, such as Gmail or Hotmail, it should be treated with caution unless it is an address that you are familiar with. Emails sent from an address that carries a formal company name but ends with Hotmail or Gmail should be ignored and deleted. If you are prompted to follow a link, hover your cursor above the link and ensure that the address that appears in the text box above the link matches the link. If not, the message should be treated with suspicion. You should ensure your anti-virus is fully up to date at all times.
We also recommend regularly viewing the Australian Competition & Consumer Commission’s ‘Scam Watch’ website to keep up to date with recent known scams. The site can be viewed here.
Finally, you should keep a backup copy of your data on a drive that is physically disconnected from your computer.
Article by: David Kehoe, Business Improvement and Compliance Consultant