Cybercrime and Australian Business
What is Cybercrime?
Cybercrime is a term that covers a broad scope of criminal activity using a computer. Some common examples of cybercrime include identity theft, financial fraud, website defacement, and cyber bullying. At a business level, cybercrime may involve the hacking of staff and client data, theft of intellectual property or illegally accessing financial and operational information.
It is well documented that instances of cybercrime are on the rise in Australia with criminals increasingly targeting all levels of business.
Unfortunately, it is only a matter of time before your business operations fall victim to a malicious cyber-based attack. The Australian government has reported that 60% of cybercrime attacks are aimed at small to medium businesses.
In 2016, the average time it took to resolve a cyberattack in Australia was 23 days, with an average cost of $276,323. This figure does not account for lost revenue and intellectual property, which can climb into the millions of dollars. When the attack is attributed to a trusted insider or disgruntled employee acting maliciously, the average resolution time increases to 51 days.
The overall monetary impact of cybercrime on business in Australia is estimated to be over one billion dollars a year.
There are also fines and civil penalties for companies covered by the Privacy Act and other government legislation.
Examples of Cybercrime
An example of one type of cybercrime is a business account takeover. This happens when cybercriminals compromise a business computer, generally through a phishing attack, and install malicious software (malware) such as keyloggers, which record user keystrokes, passwords, and other critical information. This in turn allows them access to programs and websites using company-based log-in credentials. Once these criminals steal your password, they may be able to breach your online bank accounts, email addresses or other sensitive information.
Ransomware attacks in Australia are on the rise with Trend Micro recording over 700,000 attacks in 2017 alone. Australia is the number one target for ransomware in the Southern Hemisphere.
Cybercriminals and associated networks can operate from anywhere in the world – the internet is borderless and anonymous.
Why is Cybersecurity Important?
A single successful cyberattack can have far-reaching and catastrophic implications for your business, including financial losses, theft of intellectual property, and loss of consumer confidence and trust. Australians are increasingly conscious of their privacy and expect that any information they provide to a business is being adequately protected against unauthorised access and release. A cyber or malicious insider attack can be devastating for the future of a business: the reputational damage associated with losing clients' personal and financial data is more than enough to ensure that clients take their business elsewhere.
What information does your business need to protect? Do you hold critical intellectual property, sensitive business and client information, research and development data, or payment card information?
Does your business fall within the category of APP Entity, and is it therefore required to comply with the Australian Privacy Principles? These are but some of the questions that dictate how information and data are required to be stored and protected.
Australian businesses of all sizes are adopting online and computer-based technology at a rapid rate, whether using the cloud, wearables, Wi-Fi, VPN, VoIP, video conferencing, fixed servers or a simple hard drive.
Unfortunately, many business entities think they can protect their data, devices and computer systems with anti-spyware and anti-virus software alone.
However, the threat of cybercrime globally and in Australia is constantly evolving, and criminal networks are becoming more and more sophisticated.
Therefore, additional layers of defence and processes are required.
Minimising the Risk to Your Business
Each business is different and has its own unique information security challenges, whether working from home or on the road, job sharing, or utilising managed and communal office spaces or standalone premises.
Training and awareness are important first steps in mitigating the risk of cyberattack. All management and employees should be aware of cyber threats and the actions they can take to protect their information.
It is also very important that businesses understand how their network is organised, the criticality of their systems and devices, and the value of company and client private and sensitive information and how it is stored and protected.
In addition, the type, quantity, age, location and deployment of ICT systems and infrastructure need to be considered as part of an overall information security strategy.
Utilising a trusted third party to develop and conduct a specific and systematic assessment of your business operations will help you gain a greater understanding of your ICT infrastructure and ensure that all threats and risks to your company are identified.
A specific and tailored information security strategy will ensure that your business has the protection it needs and makes the best use of available finances.