Cyber attacks continue to pose a serious threat to business in Australia, with the Australian Cyber Security Centre revealing over 15,000 cyber security incidents affecting business were recorded in the June 2015 – June 2016 period and ACORN reporting over one billion dollars of self-reported losses for individual and small businesses.
All organisations, irrespective of size, are reliant on information and data to run their businesses. This creates an opportunity for criminals, who target this information as a means to extort money from businesses, both big and small, making it imperative for owners to secure their business’s data.
Whether it’s through hacking a browser, cyber espionage, ransomware or even Shadow IT, small businesses are particularly vulnerable to cyber attacks. Often, this is due to owners not having the time or resources to consider all of the potential security risks to their business, which may also mean the right level of systems is not in place to deal with cyber attacks effectively.
Further, in a services-based economy, many small businesses work with larger ones, making them a target due to the information they have access to and manage, or alternatively as a back-door entry to another larger target.
What are the biggest cyber threats?
The biggest cyber threats to small business and the gap in solutions required to protect businesses from them can be categorised into two separate scenarios.
Firstly, a user may visit a malicious website, which is the malvertising you often see online; secondly, an attacker may send a malicious file to install ransomware, which snatches your personal information.
Cisco’s research has shown that, alarmingly, 100% of organisations get infected with malware due to simple errors such as outdated software, opening unprotected attachments and following links that look malicious.
Small businesses are also often targeted for “social engineering” attacks, whereby an individual impersonates the CFO via email and asks a subordinate to transfer a sum of money to a specific bank account.
The rise of Shadow IT
Shadow IT, which is defined as the unknown or unsanctioned usage of cloud IT apps and software within a business environment where the normal requirements of security still apply, is damaging small business organisations and needs to be addressed.
Responding to Shadow IT requires businesses to understand how big a problem it is and the potential fallout. Just about every Cloud Access Security Broker (CASB) will do this: audit current use of a wide variety of cloud IT so that a business or organisation can understand how much shadow IT they have.
The second step can be harder: creating and enforcing a policy so that shadow IT becomes normal IT. Like all security, it is a mix of people, processes and technology.
Cisco helps businesses with our CASB solution, CloudLock, for auditing the use of shadow IT. CloudLock can also enforce IT policies to sanction various cloud IT applications, including authentication, passwords, user access, data monitoring and data leakage.
How to protect your business
As the digital age intensifies, our individual and organisational reliance on digital technology will increase, and so too will the incentives and motivations for criminals that are equipped to take advantage of our digital adoption. Therefore, organisations will be forced to either evolve and adapt the security measures they utilise, or be sabotaged by cyber attacks. Now is the time to act and make sure your business is secure.
Here are a few quick tips to help small business owners protect themselves from cyber threats:
- Be vigilant with backing up your devices and hard drives. The best way to do this is to acquire an automated service that requires no thought or input to work.
- Only use reputable cloud services wherever possible (email, backup, notes, CRM, DNS, accounts) because if all your important data is in cloud services, recovering from a problem is simple. Changing devices is a no brainer and ransomware is less of a risk.
- Invest in a good ‘password manager’ tool and use it to select difficult random strong passwords for all your accounts; do not share passwords across accounts.
- Never download anything from an untrusted source. Ensure you buy applications from trusted stores like Apple Online Store, Microsoft or Google Play.
- Invest in one of the new breed of endpoint anti-malware solutions.
- Turn off vulnerable browser extensions and add-ons; it is also worth considering the use of a safe browser.
- Ensure you select auto-updates on any software you are using to protect your system from attacks.
Anthony Stitt is the General Manager of Security at Cisco ANZ