Many businesses are operating completely unaware that their systems have already been compromised, according to the leader of a specialist SME IT integrated support business.
Using the example of a real estate agency client, David Cohen, founder and managing director of Systemnet, said at a recent cyber security roundtable that many cyber attacks, viruses and the like are not as visible as ransomware, and can go completely undetected.
“We all talk about ransomware, we talk about infections and things like that because that’s obvious … but how much damage is being caused by people getting into your systems and just constantly troving through information?” Mr Cohen said.
“We had a case … where we had a real estate agent who had been infected with a virus, and what they were doing every single night, at about 12 or one o’clock at night, was going through their entire system and zipping up all the files that had modifications on the previous day and emailing or FTPing it off to a third-party site.”
Mr Cohen said it was only by pure coincidence that the breach was discovered, when one of his IT engineers was working on something else and picked up the anomaly of the high-traffic volumes at that hour, which was then investigated.
According to David Higgins, regional director Australia and New Zealand at WatchGuard, SMEs are often “collateral damage” as malicious programs are increasingly unleashed on the open web and attack any unpatched or unguarded computers they discover, rather than specifically targeting a particular company, government body or industry.
“You’re not under attack, but you are collateral damage … and unless you do something about your security, you may not have a business,” he said.
Surprisingly, Mr Higgins added that even businesses that have already fallen victim to cyber attack are not learning from their experience, and not increasing their investment in security coverage and developing strategies to minimise their risk.