More than 60% of Australia’s medium-sized companies are undefended against cyber-attacks that have the potential to put them out of business; that’s the finding of a study conducted by Fairfax Media and KPMG.
By some measures, Australia is doing well meeting the challenges of cybersecurity compared to other countries.
In the ITU Global Cybersecurity Index, Australia is ranked amongst the world’s top 10 for security preparation and number three in the Asia-Pacific. The Australian Government’s Cyber Security Strategy is widely referenced as being one of the world’s better policies.
Larger companies in Australia are moving toward better data security preparedness, but despite Australia’s proactive posture on cybersecurity and efforts by government agencies to reinforce the importance of securing online activity, smaller companies remain vulnerable.
“Even small companies with minimal tech infrastructure are attractive targets for social engineering scammers. Social engineering is a type of cyber-attack that leverages personal interactions: phone calls, emails, social media messages... Social engineering scammers often go after big scores by deceiving high-ranking people in a company, usually with an email that pretends to be from the CEO to another staff member, like the CFO, who has control of company funds. It sounds far-fetched, but scammers regularly pull off scams where they convince executives to release large sums of money to them.” - Craig McDonald, CEO, MailGuard.
The ASBFEO - Australia’s small business advocate - released a study last year revealing the disproportionate impact of cybercrime on smaller companies. The report showed that 43% of cybercrime incidents harm small to medium-sized businesses and more than half of small companies affected go out of business within six months of the attack.
Clearly cybercrime is a big threat to Australian companies. But what sort of attacks are doing the damage? And how do they occur?
Email is still the main channel for business communication, so it’s probably not surprising that cybercriminals are using it to hack into company computer systems.
Businesspeople send billions of emails daily; the total worldwide number is expected to reach 319.6 billion messages a day by the end of 2021.
Mixed in with those billions of legitimate messages are millions of malicious emails designed to extract information that criminals can use to infiltrate the recipients’ companies.
One of the most common tactics of online crime is phishing. Criminals create forged emails that look like notification messages from other businesses and ask the recipients to log in to some sort of online portal.
The objective is to deceive people into entering their password credentials into a fake login page where their private information will be collected by hackers.
Phishing is a deceptively simple hacking technique. It’s been used to extract billions of dollars from companies worldwide. Once cybercriminals have the login details for a company email account, they can get access to all the sensitive communications that go through the inbox, and use forged messages to manipulate influential people inside the organisation.
Imagine the harm that can result from having con artists going through your business’s emails. The information they get access to allows them to divert invoice payments to their own bank accounts or issue unauthorised purchase orders. They could send messages posing as high-ranking company management instructing the accounts department to release funds or give them access to company banking data.
Even very large organisations fall victim to phishing attacks. The hacking of the DNC during the 2016 US Presidential election campaign was the result of a phishing attack.
The DHS recently revealed that phishing was the mechanism used by Russian hackers in their attempt to infiltrate the US power grid this year.
You can learn more about phishing and the tactics of email-based hacking in this article: Attention: unusual activity on your email account - click here
Read this article to get the facts about cybercrime against SMEs: Email fraud up 46% on 2017: businesses losing $ billions
How to defend against cyber-attack
The 2018 AusCERT Cybersecurity Survey report warned that “phishing and email attacks are still the most prevalent form of cybersecurity incidents,” and that “phishing emails are the most widely used infection vector employed by 71% of all threat actor groups.”
Implementing a robust cybersecurity defence in 2018 means keeping malicious email like phishing messages out of employees’ inboxes.
If you would like to learn more about cybersecurity preparation, you can download the free e-book Surviving the Rise of Cybercrime. It’s a plain English guide explaining the most common threats and providing essential advice on managing risk.
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal.
You can download your copy of Surviving the Rise of Cybercrime for free, here.
Defend your inbox
Cyber-attacks can be enormously costly and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.
For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network.
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30