Cybercrime is a growing concern in Australia as more businesses make the shift to digital. In 2018, high-profile data breaches were prevalent. Commonwealth Bank fell victim to a cyberattack that exposed 20 million customers’ financial records. Meanwhile, genealogy website MyHeritage experienced a breach that leaked the data of over 92 million users.
These cases show that hackers are clearly becoming more proficient at hunting down big targets, but small- and medium-sized businesses (SMBs) are not so safe either. Although cyberattacks involving SMBs don’t make the headlines, they are arguably the most vulnerable and most targeted groups.
SMB cyberattacks are on the rise. A 2017 cybersecurity survey found that 25% of Australian SMBs have experienced a cyber incident — up from 19% in the previous year. A recent report also found that 55% of SMBs are unaware of security issues, contributing to an increase in cyberattacks.
Even more worrying is the variation of cyberattacks that SMBs face. Over the last five years, hackers have used denial-of-service attacks (DoS) to shut down networks and brute force methods to guess passwords. Also common are ransomware attacks like WannaCry and Petya, which hold company systems and data hostage until the ransom is paid.
However, the biggest threat plaguing SMBs is phishing, a scam in which hackers send fraudulent emails to dupe victims into clicking a rogue link, disclosing private information, or opening a malicious attachment. According to Scamwatch, Australian businesses have lost over $2.8 million to fake business emails, and the costs will likely increase as hackers refine their tactics in 2019.
Hackers also tend to target SMBs in certain industries. According to the 2018 third quarterly Notifiable Data Breach Statistics Report, the private healthcare, finance, and legal and management sectors suffered more data breaches due to a combination of employee negligence, compromised credentials, and online scams.
Why no company is too small for hackers
Any business, no matter how big or small, is a potential target, and those with particularly weak defences tend to get more attention from cybercriminals. Large enterprises are better protected because they have access to security professionals and software. SMBs, on the other hand, usually can’t afford such technologies and services, making them far more susceptible to data breaches. At most, they’ll have only firewalls and antivirus software, which are insufficient against modern-day attacks.
Many SMB owners also assume they’re not worthwhile targets for hackers, and therefore have lax security measures. In fact, the NSW Small Business Commissioner found that 42% of business owners believe they could reduce the risk of cyberattacks by limiting their online presence. This “security through obscurity” strategy is highly ineffective, as a majority of those businesses also suffered a cyber incident.
What’s more, modern SMBs store massive volumes of personal data, including payment details, contact information, and login credentials, that command a high price on the black market. To a hacker, the combination of weak security practices and valuable data translates into an easy payday.
How to stay safe
SMBs must have a more holistic and proactive approach to security. In addition to firewalls and antivirus software, they need to install advanced threat detection tools and update their programs whenever possible to defend against the latest attacks.
As for the human element of security, training employees to be sceptical of every email, link, and attachment they encounter can go a long way in preventing phishing scams. Security training must also cover password best practices, including setting long and unique passwords for each account, and enabling multi-factor authentication, which adds another layer of security on top of passwords in the form of SMS activation codes or fingerprint scans.
For SMBs that don’t have the dedicated experts to provide training and maintain IT, working with world-class managed security services providers like Empower IT is the perfect solution.
As a leading security expert in Australia, Empower IT Solutions provides enterprise-grade threat detection tools, email security software, and proactive monitoring services for an affordable monthly fee. We also offer extensive cybersecurity training and password management solutions to minimise data breaches caused by careless employees. Call us today to keep your business out of harm’s way.