As Australian businesses continue to move their operations online, large corporations and small to medium enterprises (SMEs) alike are grappling with increasingly savvy cyber attacks. According to Business Victoria, such attacks can cost businesses an average of $276,000 to detect, recover, and repair. SMEs are particularly vulnerable, with some sources suggesting that as much as 43% of all cyber attacks in Australia target smaller businesses.
Against this backdrop, it’s critical that business owners keep informed of the current cybersecurity trends and equip themselves with the tools to combat them. That’s why we’ve teamed up with cyber security experts ESET to bring you the top 5 cyber security trends Australian business owners need to know in 2020. From ransomware attacks to business email compromise scams, read on to learn cybersecurity trends in 2020 that you should be mindful of.
1. Ransomware attacks on the rise
‘Ransomware’ describes any malicious software that bars access to business data until a ransom sum is paid to the cyber attacker. According to Telstra, over 50% of Australian businesses targeted by a ransomware attack pay this sum. Attacks of this nature are pervasive: In 2019, Business News Australia reported that 91% of Australian and New Zealand SMEs suffered ransomware attacks between 2017 and 2019, with an average cost of $208,000 per attack.
Experts have already advised that ransomware remains a threat in 2020, and recommend that all businesses update and strengthen their security controls and run scans for malicious software.
2. Cryptojacking remains a threat
Bitcoin users beware: With exciting new cryptocurrencies come new cyber threats. Cryptojacking, or the unauthorised use by a third party of business computers to mine cryptocurrency, remains a cyber security trend in 2020. Although the popularity of this particular type of cyber attack has declined somewhat since 2017 as aggressors shift their focus toward ransomware, businesses should still be vigilant.
Many cryptomining attacks are executed through phishing emails that then load scripts on user computers. To protect yourself and your business, educate your staff about the risk and provide training in how to recognise a potential phishing attack.
3. Supply chain attacks grow more sophisticated
In today’s increasingly connected business landscape, it’s not uncommon for businesses to partner with a number of other organisations to deliver their service offering. From suppliers and logistics companies to warehouse operators and factories, each of these partners form a link within a supply chain. As these supply chains grow longer and more complex, supply chain attacks are, unsurprisingly, becoming more common.
Also known as ‘’secondary targeting’’, supply chain attack examples include high profile cases like the 2013 cyber attack on Target Corporation. In this case, cyber criminals accessed Target’s secure network by first breaching the company’s HVAC supplier. After compromising the supplier’s database, attackers were able to use their credentials to access Target’s database - and the credit card details of up to 40 million customers.
The lesson for all businesses? Ensure all members of your supply chain are trusted partners, and invest in
4. Don’t forget about phishing
Phishing scams have been around since the earliest days of the internet, and continue to evolve at breakneck speeds. Business Insider Australia reports that phishing attacks remain a very real - and increasingly devastating - cyber threat to businesses in 2020.
In large part, the endurance of phishing attacks as a major cyber threat over the years is due to their versatility. Assailants using this type of cyber attack constantly adapt and refine their mode of operation, making attacks hard to predict and even harder to prevent. 2020 has already given rise to a number of novel phishing scams, including PayPal login scams that collect user credentials via a fraudulent login scheme. To protect themselves from this type of attack, businesses are advised to exercise constant vigilance and ensure their IT security software is up to date.
5. Business email compromise scams gain ground
Since their emergence in the mid-2010s, business email compromise scams, or BEC scams, have wreaked havoc on companies around the world. In this type of cyber attack, assailants use the publicly available email addresses of executive financial staff to make fraudulent wire transfers on behalf of the company. Such transfers typically cannot be recovered, and can cost Australian businesses as much as $190 000.
The threat of business email compromise fraud is so great that INTERPOL, the paramount international crime prevention agency, has published guidelines on managing the risk. Their advice to companies follows cyber security best practice, and encourages the use of firewall and antivirus software and spam filters, while warning against opening attachments or links in emails from unknown senders.
Protect your business from cyber attackers
While the cyber security threats faced by Australian companies are growing, they’re part and parcel of doing business in today's digital landscape. As such, owners of all businesses - no matter how big or small - should take their cyber security seriously and practice a policy of constant vigilance.
For peace of mind that your business is protected against evolving digital attacks, consider investing in a security solution like ESET Secure Business or ESET Threat Intelligence service. To learn more about these software solutions and which is right for you, get in touch with ESET today!