It’s tempting to think that cyber attacks only happen at the “big end” of the business scale, especially in the wake of incidents such as the widely publicised data breaches at Optus and Medibank in late 2022.
As an assumption though, it’s not entirely accurate. The Internet has radically changed the way that we do business, simplifying many processes and opening up an entire world to your business, depending on what it is that you do.
With that enhanced visibility comes enhanced risk at all levels, whether that’s cyber criminals looking to access valuable customer data for identity or direct credit fraud purposes, or those looking to leverage blackmail or ransomware demands. The practical side of this is that while big enterprises might represent a richer and bigger “pot” to try to get funds from, the implementation of many of these attacks doesn’t necessarily depend on the scale of the business.
If there’s an exploitable link in your business that criminals can access and doing so is a matter of clicking a mouse somewhere or (more likely) deploying a software bot to see if those weaknesses exist, then the cost of trying to the criminals is nearly zero, at which point everyone could be a target.
How bad is the cybercrime issue in Australia?
In a word, bad. To give this some context, the Australian Cyber Security Centre reports that in the 2021-2022 financial year, it received a cyber crime report approximately every seven minutes.
For the prior year, that figure was approximately every eight minutes, so they’re clearly ramping up in scale.
It is worth noting that the ACSC figures do include consumer-level reports for issues such as online harassment and stalking – both still cyber crimes, but a different set of issues – but still, the figures are not encouraging if you’re a business owner.
That’s because while consumers make up a proportion of the ACSC’s figures, they’re not the ones copping the largest financial losses. The largest targeted sector for this kind of loss was medium businesses (20-199 employees), where on average losses totalled $88,407 each. Large businesses were next worst with an average of $62,233, while small businesses were hit on average for $39,555.
For many small businesses that could be a death knell in the current financial climate.
Which industries are most prone to cyber attacks?
According to the ACSC’s figures, the most likely targets for attacks are government services themselves with the Commonwealth Government accounting for 24% of reported attacks. State, Territory and Local Government services then accounted for 10% of reported incidents. Many of those incidents were also likely less business/crime-influenced and more geopolitical attacks in scope.
If Government in its forms covers 34% of the scale, what other industries were most affected?
- Health Care and Social Assistance 9%
- Information Media and Telecommunications 8%
- Education and Training 7%
- Professional, Scientific and Technical Services 7%
- Construction 4%
- Manufacturing 4%
- Financial and Insurance Services 4%
- Electricity, Gas, Water and Waste Services 3%
That covers a lot of industries, but even if you figured you weren’t on that list, you’re not automatically safe; it could just mean that the scale of reported attacks was smaller. You never want to suffer this kind of issue, even once, so assuming you’re too small or not of interest to cyber criminals could be a business-destroying mistake.
Equally, the cyber security space is a moving platform where the pace is only accelerating and any “soft target” would be easy pickings for criminals whether they want data, money, or both.
How many businesses end up closing after a cyber attack?
This is a difficult number to measure, especially locally. Some attack vectors can fatally compromise a business structure, while others may disrupt online operations for a time, as with a distributed denial of service (DDOS) attack. Going offline if your business is primarily online isn’t desirable, but it may not sink your business while having your entire database stolen or wiped by ransomware could be.
Some studies suggest more than half of small businesses in international settings do not recover from a serious cyber attack. How does that relate against the Australian experience? Again, tricky to quantify, but if you look at those ACSC loss figures, you could apply those to your business to get an idea of how severe the problem could be for you. While nobody would want to lose those kinds of figures, if they’d be terminal for your business, it’s wise to be alert to the issue.
What makes companies vulnerable to cyber attacks?
The vectors that cyber criminals use can vary, including phishing via email, probing for known or emerging software vulnerabilities, poorly configured software or network hardware devices to name but a few.
It’s not just software or hardware at risk, either. An important but often overlooked part of keeping your business secure online is ensuring that all staff are properly trained in terms of their own risk factors. There’s little point in having a robust system to secure your business if a staff member keeps all the passwords on a sticky note taped to their desk, for example! Equally, making them aware and alert for fake messages designed to fool them into giving up credentials, ensuring that their own systems – especially for remote or work from home employees – are up to date are all vital parts of reducing your vulnerability to cyber attacks.
This also shouldn’t be seen as a “I fixed this last year” kind of issue. Because cyber security is an ongoing matter, it’s important to ensure that you stay safe on an ongoing basis. That includes making sure business software is up to date, you’re protected against malware and, when needed, older or no longer-security-updated hardware is replaced in a timely manner.
Of course, the best thing you can do to help prevent cyber risks is to make sure your devices are secure and to have them checked by a professional. If you need help securing your tech, that’s where we come in.
