October is Cyber Security Awareness month – and with last month’s major attack on Optus we need to become more aware of how cyber-crime can affect businesses. At Optus, client records were stolen, and ransom demands by cyber criminals were made. Perhaps you were impacted personally by this attack? Were you left feeling concerned for your business, or did you feel more secure from cyber-attacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want?
A new report by cyber-security firm Barracuda Networks analysed millions of emails across thousands of organisations. It found that companies, even smaller ones, should be concerned about their IT security.
In fact, some of the stats from the report are alarming. Employees at companies with fewer than 100 employees saw 350% more social engineering attacks than those at larger ones, putting small businesses at a higher risk of falling victim to a cyber-attack.
Just what is “social engineering”? Used by cyber-criminals, social engineering is a technique that exploits human error to obtain private information. Scammers trap their targets into exposing sensitive data, spreading malware infections, or providing access to restricted systems.
Are small businesses targeted more?
Information & Communications Technology company Integrated ICT provides Security as a Service (SecaaS) to businesses small and large.
Integrated ICT’s Technical Sales Manager, Joel Newey, said smaller businesses often don’t invest enough in their IT security.
“They may buy an antivirus program and think that’s enough to cover them. However, with the expansion of technology to the cloud, that’s just one small layer,” said Mr Newey.
“Adequate security needs more layers of protection; hackers know the limitations of inadequate security and often see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.”
“When you’re running a small business, it’s often a juggling act of what to set as a priority for your funds. You may know cyber-security is important, but it may not be at the top of your list.”
“Every business has data that’s worth scoring for a hacker. From credit card and license numbers to email addresses, all are valuable. Cyber criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.”
Some of the data types hackers chase:
- Customer records
- Employee records
- Bank account information
- Emails and passwords
- Payment card details
Small businesses can be a hacker’s entry into larger ones
“With many smaller companies providing services to larger organisations, they often have a digital connection, and if a hacker can breach the network of a small business, often they can then get into the network of the larger organisation, enabling a multi-company breach.”
Are you prepared for ransomware?
Ransomware has been one of the fastest-growing cyber-attacks of the last decade. So far in 2022, over 71% of surveyed organisations experienced ransomware attacks.
The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.
“Even if a hacker can’t get as much ransom from a small business as they can from a larger organisation, it’s worth it. They often breach more small companies than they can larger ones. So, when a company pays that ransom it creates a snowball effect with more cyber criminals joining in.”
Education is key
Hackers need help from a user in most cyber-attacks, so one of the most important keys in thwarting cyber-crime is cyber-security training for staff, says Mr Newey.
“Businesses often implement some great cyber-security measures but may not train staff to recognise potential cyber-crime. Educating staff to spot phishing and implement password best practices are key to ensure networks aren’t made vulnerable.”
Teaching employees how to spot these ploys can significantly increase your cyber-security. Phishing, for example, is the fraudulent practice of sending emails under the guise of a reputable company to trick users into revealing personal information. One of Integrated ICT’s SecaaS offerings ensures that training reaches every employee, no matter how tech-averse they are, making security training painless and convenient. They customise phishing emails, sending domains and attachments to mimic industry-specific threats, teaching employees what to look out for and increasing training effectiveness.
Do you need affordable IT security services for your business?
Contact Integrated ICT to find out more about our range of SecaaS solutions, including many ways to keep you protected from cyber threats. We deploy the latest security tools and resources to protect your business, and you can avoid the costs and maintenance of onsite services.
Call 6374 8200 or email hello@integratedict.com.au
Some information for this article used with permission from The Technology Press.