The impact of a
Over recent years, cyber-fraud has grown on an industrial scale by effectively targeting small- and medium-sized businesses that do not have the appropriate security measures in place. It is now a billion-dollar, global business with professional hackers actively selling their software openly to other hackers and criminal enterprises on the darknet.
It is a tragedy that for many businesses, by the time cybersecurity becomes a priority – when data has already been breached, stolen or held to ransom – it is too late.
Small business is the new target
Many small businesses hold the view they are too small, and their data too irrelevant, to be of any interest to hackers. It is precisely this thinking that has led to a reduced focus on security by the sector and the increased targeting by hackers. Many hackers now see small business as low hanging fruit that
In fact, much of the massive increase in
- More than 1 in 4 Australian businesses were the victim of some sort of cybercrime in 20172, up from 1 in 5 in 2016.
- Among small to
medium sizedbusinesses that have experienced a successful infiltration of the corporate network by ransomware, 22% reported that they had to cease business operations immediately (identical to the global average), and 18 percentlost revenue (higher than the global average)3.
- It is estimated that on average, it would cost a
medium sizedbusiness (100 to 500 employees) about $1.9 million in a cyberattack4.
Would you pay the ransom?
A major report released by Telstra in 2017 identified the stark reality of the growing prevalence, sophistication and impact of ransomware on small business. It is clear from the report that businesses who ignore the threat are taking a massive gamble.
Ransomware is a form of malicious software that holds a device or system hostage by blocking access until a ransom is paid to remove the restriction. This form of cyberattack was thrust into the headlines by the Petya and WannaCry attacks that had a devastating impact on victims. With a 2,600% increase in the sale of ransomware on darknet sites since 2016 another major attack is never far away.
While having the right systems in place to avoid these attacks is the ideal approach, once breached it is recommended that you do not pay the attacker, as this rarely means getting access back. Unfortunately, small businesses will often pay this money, as not paying means they cannot run their business, only to find themselves poorer but with no data released and a new demand for more Bitcoin made.
In 2016, 24% of Australian businesses experienced a ransomware incident, which impacted their business. While the ransom demands from hackers sometimes seem relatively immaterial, the real impact is on lost productivity with impacted organisations not able to trade for 25 or more hours, with some organisations reporting that they were not able to operate for more than 100 hours.
It is time to get serious about security
Ransomware is just
Ensuring you understand more about cybersecurity, data protection and verifying your business is fully PCI DSS compliant are the most practical ways to