Security critical to all firms
CYBER crime is the fastest growing area of crime in the world today.
A recent Victorian Chamber of Commerce and Industry Survey of Business Trends and Prospects reported 75 per cent of Victorian business were concerned about cyber security risks.
More than half of those had experienced an increase in cyber threats over the past five years with cyber crime costing the global economy more than $450 billion in 2016.
What is disturbing is that a report by specialist insurer Hiscox has revealed fewer than half of all businesses are prepared to deal with cyber attacks.
Small businesses are particularly vulnerable and often specifically targeted as they are less likely to have the necessary systems and strategies in place to mitigate cyber risk within their business.
Telstra’s recently released Cyber Security Report revealed 60 per cent of Australian organisations had experienced a ransomware attack — one of the leading cyber security threats.
We are constantly being advised by experts that we need to invest in cyber security to protect ourselves from cyber crime but for many smaller businesses this may seem all too difficult and complex.
Nicholas Patterson is a cyber security lecturer at Deakin University who leads an online course teaching tens of thousands of people.
Dr Patterson advises the three key cyber security threats facing small to medium businesses are distributed denial of service, the malicious insider and phishing and social engineering, with the average cost of a cyber attack to an SMB in the vicinity of about $280,000. More than half of that cost is on detection and recovery.
DDoS involves a network of sometimes thousands of internet-connected devices — or botnet — bombarding servers with bogus requests, effectively choking the server and rendering the target website inaccessible.
Insider attacks are often harder to detect and can be hard to protect against.
Employees and others who have legitimate access to a company’s systems can easily create havoc through planting of malware or stealing data for personal gain.
Perhaps one of the most annoying cyber attacks is delivered via everyday email communication. Phishing and social engineering activities use information that is publicly engineering where external parties send an email that looks like it has come from someone within the organisation — perhaps the boss or another key decision maker.
The email may look legitimate, often requesting that funds be transferred to a bank account, or that particular confidential information be provided.
This type of cyber threat is on the rise and if a business does not have policies and systems in place to guard Bernadette Uzelac is chief executive of the Geelong Chamber of Commerce. Follow the chamber on Twitter @GeelongChamber