Many small and medium businesses may be vulnerable to cyber threats, often due to a lack of information security resources. The Australian Cyber Security Centre (ACSC) found that 62% of Australian small and medium businesses they surveyed had experienced a cyber security threat. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which would make large organisations more likely to be targeted – but that certainly isn’t always the case.
According to the 2019 Telstra Security Report, one of the top challenges for security professionals throughout the year was managing the impact of new technologies such as the Internet of Things (IoT). It was also predicted that by 2020 more than 25% of identified enterprise attacks would involve the IoT. But with the implications of COVID-19 and many more people working from home, the need for cyber security has increased. Around one-third of global cyber threats occurred on IoT devices, according to Nokia’s Threat Intelligence Report 2020.
One example in recent years is the case of hackers breaching IoT security cameras to access networks and create a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the IoT and disrupt the online world on a massive scale.
To help prevent cyber security threats, you can start by looking at the security measures you already have in place – and identify where you might have some gaps. Audits can include an assessment of emerging cyber threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address this type of threat is to devise a ‘safe list’ of assessed, permissible apps and ensure your team stick to the agreed list.
You should also be mindful of the potential threats posed by ‘bring your own device’ (BYOD). One effective preventative cyber security measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords, as they are formidably difficult to work out. You could also consider changing your compliance requirements.
The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid. Ransomware can be shared through digital attachments, or it can be dropped onto vulnerable devices by ‘exploit kits’ when the user visits a compromised site. Training your team to identify threats is one of the most effective forms of cyber protection. It helps to prevent malware from infiltrating your business’s network in the first place. And don’t forget basic computer security: always keep your software updated.
Your audit should integrate into an ongoing cyber security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. You will almost certainly need assistance, so don’t be afraid to reach out. If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent your business’s reputation and also result in legal compliance issues.
Take our cyber security quiz to find out just how effective your current cyber security measures are in protecting your business.
*Originally published on June 14th 2019. Updated February 19th 2021.