Many small and medium businesses may be vulnerable to online threats, often due to a lack of online security resources. The Australian Cyber Security Centre (ACSC) found that 62% of Australian small and medium businesses they surveyed had experienced a cyber security incident. This seems counterintuitive because a common myth is that the bigger the business, the bigger the payoff, which would make large organisations more likely to be targeted – but that certainly isn’t always the case.
According to the 2019 Telstra Security Report, one of the top challenges for security professionals throughout the year was managing the impact of new technologies such as the Internet of Things (IoT). It was predicted that by 2020 more than 25% of identified enterprise attacks would involve the IoT. But with the implications of COVID-19 and many more people working from home, around one-third of global cyber attacks occurred on IoT devices, according to Nokia’s Threat Intelligence Report 2020.
One example in recent years is the case of hackers breaching IoT security cameras to access networks and launch a huge DDoS attack. The attackers hijacked CCTV cameras made by the surveillance firm Hangzhou Xiongmai Technology using malware known as Mirai. The attack took down sites – including CNN, Spotify and Twitter – for long periods, showing how hackers can control a growing number of online gadgets connected to the IoT and disrupt the online world on a massive scale.
To help prevent cyber threats, you can start by looking at the security measures you already have in place – and identify where you might have some gaps. Audits can include an assessment of emerging threats, such as ransomware and ‘shadow IT’ (solutions built and used inside organisations without explicit organisational approval). One way to address this threat is to devise a ‘safe list’ of assessed, permissible apps and ensure your team stick to the agreed list.
You should also be mindful of the potential threats posed by ‘bring your own device’ (BYOD). One effective preventative measure is to create robust passwords. A password that uses symbols, numbers and letters is tougher to crack. Consider implementing 16-character passwords that are formidably difficult to work out. Changing compliance requirements may also deserve consideration.
The Asia Pacific region’s most common malware strain – ransomware – holds a device or system hostage by blocking access until a ransom is paid. Ransomware can be shared through digital attachments, or it can be dropped onto vulnerable devices by ‘exploit kits’, when the user visits a compromised site. Training your team to identify threats is one of the most effective ways to prevent malware from infiltrating your business’s network in the first place. Keeping your software updated is also a vital consideration.
Your audit should integrate into an ongoing security strategy, involving a partner who is capable of ensuring your cyber security stays current at all times. Doing the job alone is difficult. You will almost certainly need assistance, so don’t be afraid to reach out. If you just wing it, you may suffer consequences beyond financial loss. A hacker attack may dent your business’s reputation and also result in legal compliance issues.
Originally published on June 14th 2019. Updated February 19th 2021.