Top Lessons To Learn From Australia’s 2021 Cybercrime Stats

In honour of Cyber Security Awareness Month, CyberUnlocked will be exploring a range of associated topics for today’s business owners. In this blog, we’ll explore the recent rate of cybercrime in Australia.


News of major data breaches is becoming more and more common. Have you stopped to wonder why these incidents keep happening?


The fact is that very few businesses are learning how these breaches happen and what they should be doing to prevent the same thing from happening to them. Cybercriminals can keep relying on the same old tactics to penetrate businesses’ systems because they keep working.


That’s why, every time a breach like this occurs, it’s vitally important that you find out how it happened and determine whether a similar vulnerability exists in your organisation. 


3 Lessons To Learn From Cybercriminals


The Office of the Australian Information Commissioner recently released a report detailing cybercrime in the first half of 2021. Here are three key lessons you should take away:


  • You Can’t Hide From Cybercrime: Don’t assume that by avoiding major services and companies you can lower your chance of being affected by a cyber attack. 66% of data breaches affect fewer than 100 people.

    The fact is that your data has value. Cybercriminals don’t have to focus on massive companies like Amazon and Google in order to see an ROI on their efforts. They’re more likely than not to target and breach a small organisation that stores your data, often because these companies lack viable cyber security measures.
  • Not All Attacks Are External In Origin: Don’t think it’s only cybercriminals that are responsible for data breaches. While they are the source of a majority of incidents, there are other factors you need to consider:


      • Cybercriminals - 65%
      • Internal employees - 30%
      • System fault - 5%


The fact is that a range of cyber security incidents stem from internal issues. Whether it’s human error or a faulty device, the end result is the same: your data has been exposed.


Poorly trained employees make viable targets for a range of cyber scams. According to the report, the primary causes of human error-based breaches include:


  • Accidentally sending sensitive information to the wrong contact - 40%
  • Accidental publication of sensitive information - 23%
  • CC and BCC errors - 8%


This is why employee awareness training is such a critical part of cyber security. No matter how well defended against external threats you are, just one wrong move by a staff member can negate your entire cyber security posture.

  • Key Attack Vectors Remain Effective: As mentioned above, cybercriminals are able to use the same old methods because they’re still effective. The most common forms of attack in the first half of 2021 include:


      • Phishing - 30%
      • Stolen credentials - 27%
      • Ransomware - 24%
      • Hacking - 9%
      • Malware - 5%
      • Brute force - 5%


The three primary methods listed in that breakdown have been popular attack vectors for years now. Everyone has heard of these methodologies, and yet, as a nation, we’re still not effectively defending against them.


How These Stats Can Inform Your Defense


Cyber security is all about knowledge and prevention. The better you understand the threats you face, the more you can do right now to defend against them. 


By reading this article, you’ve taken a first step to better understand how cybercriminals operate. The next step is to mitigate the most common attack vectors. Here’s how:


  • Train Your Staff: Business owners who are not confident in their staff’s level of cyber security awareness may need to invest in training. Security awareness training helps employees recognise phishing emails and scam websites and avoid being victimised by them.

    They learn how to handle security incidents when they occur. If employees are informed about what to watch for, how to block attempts, and where they can turn for help, this alone is worth the investment.

    A comprehensive cyber security training program will teach staff members how to handle a range of potential situations:


      • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
      • How to use business technology without exposing data and other assets to external threats by accident.
      • How to respond when you suspect that an attack is occurring or has occurred.

  • Manage A Robust Backup: The right backup solution will offer the following features and capabilities:
      • Comprehensive Backups: The backup solution should provide both local onsite backup for quick recovery in instances of data loss, as well as an offsite cloud-based backup for when your business is hit with a critical disaster. Furthermore, these offsite backups need to be protected by a digital air gap, ensuring they are not at risk of encryption in the event of a ransomware attack.
      • Regularly Tested: Whoever is in charge of your security should regularly test the backups to verify their effectiveness in the event that something goes wrong with your onsite data.
      • Convenient Restoration: Don’t settle for clumsy, all-or-nothing backups. Managers should be able to choose a point in time to restore in the event that the data has been deleted, corrupted, or there has been a malicious intrusion.

  • Implement Multi-Factor Authentication: Multi-factor authentication (MFA) is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you're able to make sure that the person using the login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.


Don’t Fall For The Same Old Cybercrime Tricks


Cybercriminals have so many tactics and methods for penetrating an organisation like yours that you can’t settle for defending yourself on one front alone. That's why you need a comprehensive defense that combines cyber security solutions, employee training, best practices, and detailed policies.


Take action now to defend yourself against these types of cybercrime attacks. If you don’t, it will only be a matter of time until you’re included in one of the above stats.

