By Henry Clark
Head of Professional & Executive Risks
With cybercrime an ever-growing threat both in Australia and across the world, knowing what to look out for and how to mitigate business risks has never been more critical.
In the following article, we’ll look at three key areas: a) the latest trends, b) common threats and c) some simple steps businesses can take to protect themselves.
BE AWARE: Cybercrime in Australia – The Latest Trends
With Australia’s high and growing reliance on technology, our economy is an increasingly popular target for astute cyber criminals located across the globe.
In 2019, Australian businesses reported 1,209 data breaches to the Office of the Australian Information Commissioner (OAIC). This marked an increase of 712% since February 2018, when the Notifiable Data Breach (NDB) scheme came into effect.* The top source of these data breaches was malicious attacks (61%), followed by human error (35%) and system faults (4%).
Because their security systems and anti-virus/anti-ransomware software are commonly unsophisticated, small and midsize businesses are major targets for cybercriminals. Industries particularly vulnerable to malicious attacks include Healthcare, Finance, Legal, Accounting and Education. Such sectors hold significant volumes of sensitive data and, as a result, offer lucrative financial prospects to organised crime syndicates.
And the cost of all this to the Australian economy? The Cyber Security Review** found that direct costs of up to $1 billion are incurred each year. In addition to financial costs, however, even a single cyber attack has the potential to inflict considerable damage on your brand’s reputation if the incident is not managed swiftly and thoroughly.
Furthermore, following major changes to the Privacy Act, all Australian businesses are now at risk of large penalties from the OAIC in the event of a cyber attack.
*References from Cyber Market Update – Clyde & Co
** Reference from ACIC (Australian Criminal Intelligence Commission)
BE PREPARED: Recognising Cyber Threats
As businesses become savvier about cybercrime, cyber criminals are innovating at an equal pace and are now more creative than ever when it comes to hacking sensitive data. Equipping your team with the smarts to identify common scams as they go about their daily work is now a fundamental business imperative.
Common threats to your business include:
- Phishing: when someone uses a fake message or email to coax you into disclosing private, personal, commercial or financial details. These messages or emails will often look genuine by way of branding, logos, similar or deceptive domain names or links to authentic looking websites.
- Malware: malicious software used by criminals to steal confidential information, hold your system to ransom or install damaging programs without your knowledge. Malware can get into your system and spread viruses through email, infected files, pop-ups or false websites.
- Ransomware: a type of malware which is often spread through phishing emails and locks your computer’s content/operating system. This allows cyber criminals to demand a ransom in return for unlocking your computer. Ransomware will often prevent you from using your devices and/or encrypt your files so you cannot access them.
Rule: never respond to unknown messages requesting personal information, or click on links from unknown sources.
BE PROTECTED: Simple Steps Toward Safety
Preventing a cyber-attack doesn’t always require a cybercrime expert or an excessive new software investment. To mitigate financial and reputational risks to your business, some simple steps toward a more ‘cyber safe’ organisation can include:
- Be aware of cyber threats and how to manage them – educate ALL your employees
- Develop a set of clear cyber policies and procedures for your business
- Have advanced security operating defaults and systems in place – install and regularly update anti-virus/anti-ransomware software and firewalls to stop traffic from untrustworthy sources
- Back up data regularly
- Implement the use of strong passwords and safe behaviour when using emails and the web
- Have an Incident Response Plan (IRP) in place for your business which has been pre-approved by a third-party insurer. A robust IRP will work in tandem with a comprehensive cyber insurance policy and guarantee your business has specialist vendors mobilised ASAP in the event of an attack. An IRP will reduce potential damage and impact to your business exponentially, and triage you back to BAU as quickly as possible thereafter.
How can we help?
Honan has an industry-leading team of cyber advisors and specialist partner vendors with deep expertise in cybercrime prevention, management and recovery. To discuss your needs, and how we can assist with an Incident Response Plan and/or tailored insurance policy, please contact us at any time.