Three Cyber Threats Facing Australian Businesses.
ON THE RISE
The common threats facing your business.
Cyber threats against organisations of all sizes have increased dramatically year on year and are expected to continue to rise. Here are three types of common cyber security threats facing businesses in Australia.
What is malware? Malware is malicious software designed to cause harm to a user’s device or an organisation’s IT infrastructure and data. There are different types of malware, including viruses, spyware, keyloggers, trojans, worms, etc.
It gains access to your devices or business network via a variety of routes and is generally after sensitive information, such as credit card details, customer details, bank accounts, passwords, etc.
Why is malware used? It’s typically used for financial profit, but it can also be used for other motives such as:
- Other serious crimes
Businesses working with staff or third parties who connect remotely need to be aware that BYOD and unmanaged devices were increasingly targeted in 2020. These devices are more exposed and can put your business’s data at significant risk.
Who uses malware? Malware can be created and deployed from anywhere in the world today, against any person or organisation. Malware tools range in complexity and are becoming more readily available on the dark web, to the point where cyber criminals are able to subscribe to Malware as a Service (MaaS), which provides a botnet that distributes malware for them.
Topics covered below.
‣ What are the most common cyber threats Australian businesses encounter?
‣ How these threats actually target your business and infiltrate your networks and devices.
‣ What these cyber threats can do to your business.
‣ How to protect your business, data and devices against these attacks and avoid becoming a cyber crime victim.
TAKE THE TEST
Can you spot a scam?
1 in 5 business owners don’t know how ‘phishing’ works. Do you? Take our short quiz and test your ability to avoid scams.
What is phishing? Phishing attacks usually come in the form of emails and are built to look like authentic correspondence from a business or person you may know or trust. Their aim is to get you to open a link or download an attachment in order to either install a piece of malware on your device or to request sensitive information such as bank account details. Modern phishing attacks have become very sophisticated and are more difficult to identify without the correct software.
Phishing is a numbers game. Phishing emails are usually sent to thousands of people in the hope that a small percentage will fall victim. Scammers can net significant sums of money through this method. A few common types of phishing include:
- Phishing (low sophistication, many targets)
Usually general emails with obvious warning signs, sent to thousands of targets.
- Spear Phishing (high sophistication, fewer targets)
Fraudulent and sophisticated messages sent to a specific individual, usually the business owner, receptionist or finance and payroll manager.
- Whaling (high sophistication, fewer and high-value targets)
Spear phishing aimed at very big fish like CEOs.
How are phishing attacks delivered? Modern phishing attacks are no longer purely delivered via email. Other methods used include SMS, instant messaging and social media.
DON’T BECOME A VICTIM
How to protect against malware attacks.
- Automatically update your operating system.
- Automatically update your software applications.
- Regularly back up your business’s data.
- Keep your business antivirus up to date.
- Train staff not to open suspicious emails.
- Train staff not to open suspicious links in texts, social media or online.
DON’T BECOME A VICTIM
How to prevent phishing.
- Requests for money, especially if urgent or overdue.
- Bank account changes of suppliers.
- Requests to check or confirm login credentials.
What is ransomware? Ransomware is a specific type of malware that can lock down your business network, computers, files and/or entire IT infrastructure, until a ransom is paid. Ransomware attacks are typically carried out via a malicious but legitimate-looking email link or attachment. When downloaded or opened, most ransomware encrypts a user’s files, then demands a ransom to restore access – typically payable using cryptocurrency, like Bitcoin.
A common method used to target Australian businesses in 2020 was for cyber criminals to use a combination of Emotet or Trickbot malware (spread via phishing emails) to gain access into a business network and then deploy Ryuk ransomware.
The Australian Cyber Security Centre rates ransomware as one of the greatest threats facing Australian businesses because:
- It requires minimal technical expertise.
- It is low cost to the cyber criminal.
- A large percentage of small to medium sized businesses are not sufficiently educated or trained to prevent these attacks.
- It can result in significant damage and financial loss to an organisation.
Never pay a ransom.
You are not guaranteed to regain access and may be vulnerable to future attacks.
Ransomware attack on Lion.
On June 9 2020, Australian beverage giant Lion announced it had fallen victim to a cyberattack that forced the company to shut down its IT systems, limiting its manufacturing and order placement.
The attackers threatened to publish or auction confidential company information unless a ransom of $1 million was paid. Proof of stolen confidential files was posted on the dark web along with a ransom note:
“You have 5 days to contact us and pay, otherwise all your financial, personal information your clients and other important confidential (sic) documents will be published or put up for auction,” the attackers said.
DON’T BECOME A VICTIM
How to prevent ransomware.
- Update operating systems
- Update software
- Keep your corporate antivirus software updated
- Have an operational data backup strategy
HOW WE HELP OUR CLIENTS
Proactively prevent cyber attacks.
One of the most effective prevention strategies against cyber crime is using the services of a managed security service provider. At 9spheres Technologies our clients can get on with business knowing that their IT infrastructure is constantly being monitored and proactively maintained by a certified team of experts who are up to date with the latest threats and response measures.
We can put together a security plan and data backup and recovery plan that best suits your business needs and budget.
9spheres Technologies has been helping businesses in and around Brisbane stay secure since 2009. Chat to us about your needs and we can work out a solution with you. Book a free consultation with us here.
MANAGED SECURITY SERVICES
What are the benefits?
‣ 24x7x365 monitoring and protection.
‣ Best-in-class device and network security software.
‣ Use of comprehensive multi-layer security.
‣ Expert-level protection and system maintenance.
‣ Save on expensive hardware, software, personnel & errors.
‣ Legal compliance.