While you might applaud digital transformation in your sector, hackers, spammers, bots and malware, continue to be a menace to businesses. A cyber security incident is a single or series of events threatening digital information – its integrity, availability or confidentiality.

No wonder seven out of 10 businesses surveyed said they expected data breaches and cyber security to be their IT priority. With about 60% of targeted attacks on small-to-medium businesses, this should be a priority.

Last year, the federal government released Australia’s Cyber Security Strategy 2020, pledging $1.67 billion over the next decade towards cyber safety. It noted the Australian Cyber Security Centre (ACSC) responded to almost six cyber security incidents per day in the 12 months to the end of June 2020.

Globally, cybercrime is expected to cost $US6 trillion this year, double that of six years ago. In Australia, the annual estimate is $29 billion.

Here’s an insight into how the hackers get in. The most commonly exploited applications globally are:

  • Microsoft Office (74.83%)
  • Internet browser (11.06%)
  • Android (8.7%)
  • Java (3.12%)
  • Adobe Flash (1.54%)
  • PDF (0.74%).

This year, we expect to see many Australian businesses tackle the following top four cyber threats, as part of best practice data protection.

Failure to do so can:

  • Lead to serious economic, reputational, and legal costs
  • Jeopardise your insurance cover if you’re not taking appropriate protection measures
  • Leave you vulnerable to follow-up attacks
  • See you taken to court for breaches of privacy regulations.

1. Fileless attacks

An email with a link to a malicious website could trigger a fileless attack. This is when the attackers use your computer’s existing tools and features to access and damage your data, rather than generate new files. As such they’re difficult to detect. This back-door attack has been around for decades and saves hackers time they’d otherwise spend developing malware. File-less attacks are becoming more common in targeting infrastructure and management tools to disrupt business operations.

2. Cloud and remote service attacks

Cybercriminals are continuing to exploit cloud-based services, on-demand data stored on the Internet. A McAfee report showed a 630% rise in global cloud-service attacks in the first four months of last year. Most incidents directly targeted cloud accounts rather than remote workers’ computers.

3. Ransomware extortion

Global technology company, Acronis International, has dubbed 2021 the year of extortion in its latest report. Ransomware is top of its list, expected to affect all industries and sectors. Ransomware blocks access to a computer system or files, sometimes preventing data backup. Perpetrators usually demand a ransom – on average about $AU130,000 – to decrypt the data as well as not disclose stolen confidential data to the public.

4. Malicious insiders

Employees are your biggest risk, particularly since the pandemic restrictions have meant many still work from home. Could your staff be a hurdle to your cyber security – unintentionally or maliciously? The latter constitutes a major threat because insiders use their credentials to access the critical assets of your business. They could be staff, former employees, contractors or business associates who have legitimate access to your data and systems. They can destroy, steal, spill data or sabotage your computer system. If any illegal activity is uncovered, you’ll need to report this to the police.

Managing your risk profile

Cyber-savvy companies ensure all staff undergo cybersecurity best-practice training. That includes secure passwords such as multi-factor authentication, awareness of phishing emails, and not clicking on pop-ups. IT professionals should have up-to-date skills and knowledge for timely advice to senior leaders on threats. And ensure you promptly deactivate employees’ access to your systems as soon as they leave your employ.

Some companies are increasingly using artificial intelligence, such as to stress test their security strongholds for maximum protection. Elsewhere, others are using cloud-based secure web gateway so workers can remotely connect their corporate devices to their enterprise’s network. This is preferred over a virtual private network, which does encrypt data, but raises the risk of Trojans from visiting phishing websites or downloaded compromised files.

Feel like you have a lot on your cyber-threat ‘to do’ list? We can help with guidance on how to reduce your risk profile and ensure your business stays safe with cyber insurance.