For most of the global population, 2020 was dominated by the dreaded C-word, COVID-19, but for Australian businesses, government and the general public there has been another: cybersecurity.
Last year, Australian Prime Minister Scott Morrison announced that Australia had been the victim of a sophisticated and sustained series of cyber-attacks by a state-based actor.
The announcement and the relentless headlines of businesses falling victim to ransomware and phishing attacks rapidly brought cybersecurity to the forefront of many people’s minds.
According to the OAIC's bi-annual Notifiable Data Breaches Report, 518 notifications of potential breaches were received between January and June of 2020 alone, further illustrating that this is a consistent problem Australians face on a day-to-day basis.
In a recent survey of our customers, 55 per cent of security professionals said they believed their senior executives were a lot more aware of cyber risks, with another 38 per cent stating that awareness had definitely increased.
The top concerns identified for Australian businesses were ransomware and phishing attacks. This was unsurprising, given the 151 per cent increase of ransomware attacks being reported from January to June 2020 by OAIC.
When asked where these businesses had made significant cybersecurity investments in 2020, half of respondents said email and endpoint security solutions were top of the list, closely followed by security awareness programs at 43 per cent.
These are all prudent measures that can be taken by organisations to mitigate the risk of attacks such as ransomware and phishing.
So, moving into what we hope will be a better year, what can small businesses do to protect themselves in 2021?
Firstly, keep your security awareness program fresh. Update content to include the latest threats and change the activities and channels you use to share your awareness program to help keep your staff educated on the latest risks.
Conduct a security maturity assessment – benchmark your organisation’s current security maturity, create a roadmap of improvements and revisit the score on a periodic basis to track your progress.
Test your organisation’s vulnerabilities. Undertake an adversary simulation such as penetration testing or red teaming which can enable your business to identify its weaknesses, and work on fixes, before an attacker finds them.
Invest in specialised phishing defence technology. Most next-generation secure email gateways will contain advanced features such as impersonation protection controls to help mitigate the risk of phishing against your employees.
However, if you are in a high-risk industry you may want to consider technology that is aimed at addressing this specific problem of phishing and Business Email Compromise and even Account Takeover Attacks.
Cybercriminals are becoming increasingly sophisticated year on year. Often, small businesses just don’t have the resources to protect their organisations from attack, which can lead to vulnerability. Get advice from the experts where you can and educate your staff regularly to mitigate any potential breaches in 2021 and beyond.
Dane Meah, Co-Founder and Co-CEO, InfoTrust