Many of us hear the term cyber risk and automatically assume it is a risk isolated to the big end of town, or to the Federal Government having its site hacked on the eve of Census.
Yes, the attacks on the big end of town are the most heavily publicised but, when it comes to cyber risk, the approach of “this will never happen to me” is dangerous and leaves thousands of small to medium businesses hopelessly exposed to compromise. In a study held last year, security advisers Symantec concluded that more than 50 per cent of the world’s cyber crime was directed at businesses with fewer than 250 employees.
Locally, stories abound of the unsuspecting GP or dentist arriving at their surgery for a day’s work, only to find that their patient database has been compromised and held to ransom.
These attacks now happen daily. Why the focus on small to medium business? In our experience, this is due to:
- Resources: bigger corporations have the resources to constantly improve their internet security systems.
- Complacency: most organisations believe that having updated anti-virus, a retail-purchased firewall and security-patched office machines is enough to ensure they’re protected. There are cyber crime tutorials available which provide direction on how to compromise these systems.
- The bigger prize: although smaller businesses have less data to steal, their lack of effective security can act like a secret passage into the bowels of the larger companies they work with.
Is this risk going away? Absolutely not.
Cyber crime is one of the fastest growing industries in the world. Cyber crime is a business just like any other. When the internet first emerged, viruses and trojans were simply a way to cause business interruption and damage.
Today, they are run as a business like any other, whose focus is on maximising returns through exposing the vulnerabilities of its targets.
Not only do these professional hacking businesses offer software development kits, they also offer help desk services to ensure you are able to code your own variant. They will also provide help in deploying it and ensuring the hack is successful. If that wasn’t enough, your local friendly hacking professional will probably now also have a multi-lingual help desk to ensure that the victims of the hack have the support they need to pay the attacker.
Unfortunately, this is a risk that is expanding at such a speed that legislators and regulators are unable to keep pace.
How can you protect yourself?
- Understanding your risk profile. This is key to selecting the right tools to protect your organisation.
- Auditing and analysing your environment to ensure your potential as a target is minimised.
- Considering every aspect of your organisation’s digital profile, from web site infrastructure security auditing through to governance, risk and compliance. Assessing not only your digital presence, but also the policies and procedures required to respond to a threat.