Is your business at risk of a cyber attack?
Recent high-profile cyber attacks on large organisations have shone a light on the importance of cyber security measures in businesses.
Forbes has ranked cyber security as the highest digital priority for CIOs in 2021, citing a record rate of cyber crime.
Federal Government statistics show that in 2020, there were 164 reports of cyber crime a day – or one every 10 minutes.
Recently, hackers have targeted media company Nine Entertainment and Parliament House.
But British-based cyber security firm Sophos reported that companies were still underestimating cyber security threats, despite a growing number of incidents.
CCIWA Information Technology Manager Clint Collard says no business is immune from such attacks, but there are ways to mitigate the risks.
We explore how you can protect your business.
Provide regular and detailed cyber security awareness sessions for your staff. These can be conducted via e-learning modules, videos or virtual or physical meetings.
Collard says the biggest issue around cyber security is humans, not machines.
“Behaviour has a lot to do with that,” he says.
“It is one thing being trained and being competent with your email, it’s another to believe fundamentally why you’re doing it. You are not doing it to pay lip service – you are doing it because you could very well be compromised.
“At one point in time you will be compromised, and it could be in ways you don’t know.”
Having a strong password, changing it regularly, using a password manager and two-factor authentication can help prevent cyber attacks.
Password manager software encrypts your passwords by only retrieving a partial version, which can be accessed using a PIN code.
It is important not to have the same password across different logins, and having a tool to manage your passwords eliminates the need to remember multiple passwords.
Two-factor authentication strengthens the security of your networks and makes it harder for hackers to gain access to your information by requiring them to overcome two hurdles.
Tools like Google Authenticator ask users to protect their passwords with a passcode, fingerprint or security key.
Privileged access should be reserved for a select few and should run separately from users’ individual accounts.
Business owners who provide administrator access to their entire staff may save time in the short term, but doing so leaves the organisation exposed to devastating cyber attacks.
Collard explains that hackers can infiltrate computer systems without a user’s knowledge if that person is logged in with administrator privileges.
“Malicious payloads are easier to execute if you are logged into a computer with administrative privileges,” he said.
A payload is described as the component of software that can cause harm to the victim.
Instead, provide the administrator login details to a few people within your organisation, who can use them to download trusted links or software.
According to data safety website DataProt, 560,000 new pieces of malware are detected worldwide every day.
Software updates often contain critical patches for the security holes that perpetrators of cyber crime expose, so it is crucial to keep your software up to date.
Stefan Prandl, Chief Technology Officer at WA cyber security start-up Hyprfire, explains that businesses often say, “why would anyone care to attack us?” or “who are these people and why do they have so much time on their hands?”.
“These questions come from a place of misunderstanding,” Prandl says.
“The growth of computers in the world has been at least evenly matched by the growth of cyber criminals. Many of these earn their living from their criminal activities.”
Prandl says every mistake in code that developers make represents an earning opportunity, “allowing attackers to hit as many companies as possible before the ‘demand’ dries up – that is, it gets fixed and your IT team patches it.”
He adds that security engineers, malicious scripters, and even scientists hunt for these opportunities in the same way businesses hunt for market opportunities, and for the same reasons – commercial gain and reputation.
“The only way to get out of the target market for an attacker is to know what software is on your systems, and to keep them up to date,” he says.
Anti-virus software should be regularly updated.
Even if you take all the measures to prevent a cyber attack, there is still a likelihood your business could be hit.
Prandl says businesses should prepare on the assumption that they will be breached.
“Attackers are very persistent, very smart, and have all the benefits of automation that we enjoy in 2021,” he says.
“The most advanced defence strategies assume that the breach has already happened, and look for threats proactively all the time.”
Equipping your business to respond to such an event will empower you to keep your business running smoothly while handling a security breach.
- establish the important functions that keep your business running and have contingencies in place to protect those;
- consider what is valuable for you to operate such as payroll, employee records and intellectual property;
- document those records and find a way to operate if that information is lost, including back-ups or spare equipment; and
- create a disaster recovery plan that includes storing valuable information off site and is supported by a business continuity plan.