Understanding the risks – The explosion of cyber-fraud and why you need to protect your business

The impact of a cyberattack on your business can be devastating. In some instances, an attack can be catastrophic, with many years of blood, sweat and tears destroyed by a single piece of malicious code.

Over recent years, cyber-fraud has grown on an industrial scale by effectively targeting small- and medium-sized businesses that do not have the appropriate security measures in place. It is now a billion-dollar, global business with professional hackers actively selling their software openly to other hackers and criminal enterprises on the darknet.

It is a tragedy that for many businesses, by the time cybersecurity becomes a priority – when data has already been breached, stolen or held to ransom – it is too late.

Small business is the new target

Many small businesses hold the view they are too small, and their data too irrelevant, to be of any interest to hackers. It is precisely this thinking that has led to a reduced focus on security by the sector and the increased targeting by hackers. Many hackers now see small business as low hanging fruit that are easy to breach.

In fact, much of the massive increase in cyberattacks in recent years has been specifically targeting small business, with 58% of victims of data breaches categorised as small businesses¹. Whichever way you look at the numbers, it is sobering.

• More than 1 in 4 Australian businesses were the victim of some sort of cybercrime in 2017², up from 1 in 5 in 2016.
• Among small to medium sized businesses that have experienced a successful infiltration of the corporate network by ransomware, 22% reported that they had to cease business operations immediately (identical to the global average), and 18 percent lost revenue (higher than the global average)³.
• It is estimated that on average, it would cost a medium sized business (100 to 500 employees) about $1.9 million in a cyberattack⁴.

Would you pay the ransom?

A major report released by Telstra in 2017 identified the stark reality of the growing prevalence, sophistication and impact of ransomware on small business. It is clear from the report that businesses who ignore the threat are taking a massive gamble.

Ransomware is a form of malicious software that holds a device or system hostage by blocking access until a ransom is paid to remove the restriction. This form of cyberattack was thrust into the headlines by the Petya and WannaCry attacks that had a devastating impact on victims. With a 2,600% increase in the sale of ransomware on darknet sites since 2016 another major attack is never far away.

While having the right systems in place to avoid these attacks is the ideal approach, once breached it is recommended that you do not pay the attacker, as this rarely means getting access back. Unfortunately, small businesses will often pay this money, as not paying means they cannot run their business, only to find themselves poorer but with no data released and a new demand for more Bitcoin made.

In 2016, 24% of Australian businesses experienced a ransomware incident, which impacted their business. While the ransom demands from hackers sometimes seem relatively immaterial, the real impact is on lost productivity with impacted organisations not able to trade for 25 or more hours, with some organisations reporting that they were not able to operate for more than 100 hours.

It is time to get serious about security

Ransomware is just one way highly-organised and malicious criminals can turn your business on its head. While the threats are numerous, the solution is relatively simple.
Ensuring you understand more about cybersecurity, data protection and verifying your business is fully PCI DSS compliant are the most practical ways to ensure that your data, your business and your future are protected. We’ve created the Merchant Trust Initiative to ensure our customers understand the risks and take proactive action to protect their business.

References

1. DBIR Report (Page 5.)
2. Norton SMB Cyber Security Survey Australia 2017
3. Second Annual State of Ransomware Report – Australia 2017
4. Cyber Threats to Small-and-Medium-Sized Businesses in 2017
5. Cert Australia Ransomware
6. Telstra Cyber Security Report 2017