Why is cyber security important for small businesses? Small to medium businesses face the impact of cyber security incidents each day.
According to the Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2021-2022 there were over 76,000 cybercrime reports. This equates to the ACSC receiving one report every 7 minutes compared to the previous fiscal year which was every 8 minutes.
Anyone can be a potential target for a cyber attack which means you need to be vigilant. We recognise that Australian small business owners do not have the time or resources to dedicate to cyber security. That is why you must act swiftly and implement simple measures to combat cyber security threats.
We explore the essential small business cyber security guide such as key cyber threats, financial impact, and how we can help.
Top Cyber Threats 2022
Australian small businesses are faced with all types of cyber threats. SMEs are mainly faced with a popular attack called ransomware. A ransomware attack occurs every 11 seconds making it the number one threat to small businesses in 2022, according to Savvy. Here are the top cyber threats in 2022 that small to medium businesses face:
Ransomware
Ransomware is a type of malware (malicious software) designed to lock down your computer or organisation’s sensitive files until a ransom is paid.
What can trigger ransomware?
Visiting unsafe or suspicious websites
Clicking on a website or email link from an unknown source
Inadequate email or network security
Phishing
Like social engineering, phishing is a fraudulent message designed to deceive employees into revealing confidential login credentials or sensitive information using electronic communication channels. Phishing attacks may target the following communication channels:
Email
SMS
Instant messaging platforms like WhatsApp or Telegram
Phishing text rose 28% in February 2022 and increased by 1,024% from April 2021
The Netherlands leads the list of targeted countries for phishing attacks in 2022, followed by Russia and Moldova
The most targeted age group in phishing attacks were individuals aged over sixty-five, amounting to a total loss of $6.6 million from October 2022
Malicious Software (Malware)
Malicious software, better known as malware, is any type of software that is specifically designed to make an organisation’s computer system install unintended functions, that aid cyber criminals in their malicious activities. Cyber criminals use increasingly sophisticated methods to infect targeted computer systems with malware which can result in:
Damaged files
Data breaches
Fraud
Network control
Here are ten common types of malware:
Viruses: Computer viruses start by infecting a clean computer file, before spreading to other files in the computer system.
Worms: Worms are particularly virulent types of viruses that self-replicate, find new targets, and then execute on the next computer automatically.
Ransomware: Ransomware encrypts an organisation’s data and computers to demand a ransom payment, usually in the form of cryptocurrency.
Trojans: A file that may seem legitimate but may contain hidden malicious code. When executed, the malicious code runs which can result in a range of cyber-attack vectors. For example, it can be used to install remote access backdoors to gain access to a network system or operating system.
Spyware: A type of malware designed to gather intelligence on an organisation and gain access to its confidential data.
Adware: Adware can typically be installed unintentionally (hidden in fine print) that collects personal information about the user to send unsolicited advertisements.
Rootkits: Provides cybercriminals remote access to a targeted system, gaining full administrator rights over a computer system.
Keyloggers: Records all keys typed on a keyboard so that cybercriminals can obtain confidential authentication details such as passwords or credit card information.
Botnets: A network of computers infected by malware to bring down your organisation’s network, spread malware, compromise data, or run tasks.
Scareware: A type of social engineering in which a victim is deceived into running malware out of fear.
Business Email Compromise
Business email compromise (BEC) attacks are targeted attacks that aim to deceive accounts payable staff into transferring funds to a fraudulent bank account controlled by the attacker.
According to the ACSC, there are three common deception tactics that cybercriminals use associated with a business email compromise, such as:
Invoice fraud: Compromising a vendor’s email account to send spoofed invoices with the changed bank account details on those invoice
Email impersonation: Sending fake emails impersonating a senior executive (CEO or CFO) within a targeted organisation
Mailbox compromise: Compromising a senior executive’s email account to send fake payment instructions to accounts payable staff via email using an authentic mailbox
Phone Scams
Cybercriminals not only resort to emails when launching their attacks. Mobile devices are increasingly used, as they allow attackers to circumvent email security controls. Attackers achieve this by calling or texting people claiming to be from well-known businesses or government agencies like the ATO.
When identifying phones scams there are five that are commonly used:
Robocalls
Calling Line Identification (CLI) Spoofing
Fake offers
Impersonation scams
If you receive a phone call or text that sounds too good to be true it may be an attacker attempting a phone scam. Other red flags include, an individual who is threatening you, asking to gain access to your computer for any reason or an unknown individual that has your personal details. If the phone call or text seems suspicious, rule number one is to never click on an unknown link and to never give out your personal details without verifying. Sophisticated attackers are always coming up with new ways to gain access to your bank account details like your credit card information or take control to commit fraudulent activities.
The impact of a cyber security breach is far too substantial for most small businesses to recover from. For instance, the average reported loss by a small business was $8,899 while medium businesses lost an average of $33,442 to cybercrime, according to mybusiness. Australian business owners should recognise the direct and indirect costs that they could potentially face if security controls are not in place.
The Cost of Business Disruption
One of the most significant costs that must be factored into cybercrime is business disruption. This is also among the hardest to quantify in advance, as each case of cybercrime varies in impact and intensity. Costs may include:
Rebuilding operational capabilities such as repairs to computer systems and equipment
Stolen funds
Theft of intellectual property
Theft of personal and financial data
Impacted Cash Flow & Financial Loss
When a small business is impacted by cybercrime, the resulting losses can have a detrimental impact on cash flow. other than losing bank accounts and loss of revenue, businesses may incur extra costs after a cyber security incident such as increased insurance premiums.
Reputational Damages
Small businesses that are impacted by a cyber security incident can have long-lasting effects on the business and reputation. Reputational damages involve:
Loss of customer trust
Loss of partner trust
How Can Eftsure Help?
The time is now.
The most effective way to protect your business is to strengthen your cyber security controls like multi-factor authentication and security software that facilitates continuous oversight and compliance monitoring.
By integrating Eftsure, you can safeguard your organisation’s financial assets from cybercrime with our fraud tech solution. Our solution is designed to alert in real-time each outgoing payment if there is a mismatch with a BSB or account number when processing an EFT payment. Allowing you to investigate any suspicious activity during the payment process.
For more information, download our cyber security guide for CFOs 2022 that can be used as the foundation of cybersecurity for small businesses. We explore a comprehensive guide on how to become involved in every stage of your organisation’s internal cyber security conversations, planning, and execution to mitigate a cyber-attack.
Contact Eftsure today, for a full demonstration of how we can protect your business in cyber security.
The Essential Cyber Security Guide for CFOs
Understand the full range of cyber threats facing the modern CFO.
It's the critical information you need to stay one step ahead of cyber criminals and prevent your organisation becoming a victim.
US construction and government sectors lost $7.7 million in BEC scams. Learn how fraudsters exploited financial controls and how finance leaders can protect their organisations.