There has been a 2500% increase in the sale of cybercrime kits on the dark-web since 2016, said Angus Taylor MP, Australian Minister for Law Enforcement and Cyber Security in a recent interview.
Taylor expressed his concern about this surge in online criminal activity. He noted that there has been “a high take-up of digital technologies” by Australian companies, but about 30% of smaller companies have inadequate cybersecurity measures in place.
“Businesses often find it hard to recover after a cybersecurity incident. When small businesses experience a significant cyber breach, 60 per cent will go out of business within six months," Taylor said.
Fraud figures alarming
Stay Smart Online - the Australian online advisory organisation - says that the total cost of cybercrime against small to medium businesses (SMEs) is more than AU$1 billion per year.
More than half of Australian organisations have their business interrupted by cybercrime every month, according to Stay Smart Online advice.
Australian companies are at greatest risk of attack via email and social media. The Australian Competition and Consumer Commission (ACCC) monitors fraud in Australia and places online crime high on its agenda of threats. ACCC figures put the cost of email-based attacks alone, at more than AU$22 million in 2017.
Better defences needed
The increasing emphasis on cybersecurity in large companies has seen a surge in attacks on small business owners.
The outdated idea that endpoint antivirus is the best way to defend against cybercrime reflects a misunderstanding by businesspeople about the way contemporary online fraud works. Criminals are increasingly eschewing tactics like ransomware in favour of human-targeted attacks like phishing.
"As governments, utilities and corporations harden their cybersecurity, the criminals are seeing SMEs as vulnerable targets. At a time when small business owners are becoming more reliant on digital applications for things like accounting and banking, many of them have outdated views of the online world. One report found that 87 per cent of SME business owners thought an anti-virus application would protect them from a cyber attack." - Angus Taylor MP, Australian Minister for Law Enforcement and Cyber Security.
There’s a perception amongst small business operators that premium grade cybersecurity is beyond their reach, but the key to effective protection isn’t necessarily spending more. It requires a combination of up-to-date software solutions and staff education to make them aware of the hazards of email-based attacks.
Cybersecurity that works
A recent report from APWG - the Anti-Phishing Working Group - revealed that phishing attacks have surged 46% since 2017. The total number of phishing attacks detected by survey respondents in Q1 2018 was 263,538; up from 180,577 in Q4 2017.
Phishing targets people. A phishing message typically includes a link that sends the unwary victim to a fake login page. Once there, the user will be asked to enter a username and password, data that will be automatically captured by the criminals behind the attack.
Criminals use phishing to collect login credentials for email accounts, bank accounts, and a wide range of other online services. They then use the information they gather to break into company computer systems.
Phishing attackers know that not everyone will click on the bait, but they know that if they send enough emails out the odds are in their favour.
To counter the impact of human-targeted email fraud, cybersecurity experts recommend a multi-layered approach. Combining cloud-based threat detection software with staff education that helps people recognise dangerous emails, gives companies the best possible chance of avoiding data breaches.
“Prevention is the only strategy that works dealing with cybercrime. Simply running an occasional virus scan on your laptop doesn’t cut it anymore - it’s like defending yourself from terrorism by keeping a baseball bat under your bed,” Craig McDonald, MailGuard CEO, wrote in a recent article.
“To successfully confront the new wave of cybercrime we have to use every resource available to us because that’s exactly what cybercriminals are doing. One means of defence just isn’t enough. It only takes one person naively clicking on one link to bring a company to a standstill. No defence against cybercrime is 100% effective, but if we adopt a layered defence strategy, we at least give ourselves the best possible protection.”
Choosing threat protection
The majority of online threats targeting companies are coming at them through email and social media channels so detecting them requires a sophisticated filter examining every interaction for signs of malicious intent.
The Australian Government has recently established a new secure cloud environment for their security-sensitive data management, demonstrating a commitment to improving Australia’s cybersecurity posture.
Cloud-based platforms are a good option for SMEs, according to Minister for Cybersecurity Angus Taylor, because cloud service providers offer cutting-edge security systems.
When choosing a cybersecurity provider, companies should consider their speed and responsiveness to emerging threats, but also the threat vector’s that pose the greatest risk. With the majority of cyber-attacks being delivered via email, sticking with just a PC based virus detection solution isn’t going to maximise their protection.
Secure your business
Doing business online opens up opportunities for SMEs, but with that opportunity comes significant risk. Cybercriminals use simple phishing emails to infiltrate organisations and attack them from the inside. All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.
MailGuard's predictive email security filters out malicious messages before they reach your company's inboxes, minimising the risk of inadvertent data exposure.
MailGuard is a proud launch partner of the Australian Governments new secure cloud, protecting the data of government agencies and critical infrastructure organisations. Learn more about the benefits of cloud-based security, here.
Cybersecurity 101 for business owners
If you would like to learn more about cybersecurity preparation, please download the e-book Surviving the Rise of Cybercrime. It’s a plain English guide explaining the most common threats, and providing essential advice on managing risk.
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal.
You can download your copy of Surviving the Rise of Cybercrime, here.