For most of the global population, 2020 was dominated by the dreaded C-word, COVID-19, but for Australian businesses, government and the general public there was also another: cybersecurity.
Australian Prime Minister, Scott Morrison, announced that Australia had been victim to a sophisticated and sustained number of cyber-attacks by a
The announcement and the relentless headlines of businesses falling victim to ransomware and phishing attacks rapidly brought cybersecurity to the forefront of many people’s minds.
According to the OAIC's bi-annual Notifiable Data Breaches Report, 518 notifications of potential breaches were received between January and June of 2020 alone, further illustrating that this is a consistent problem Australians face on a day-to-day basis.
In a recent survey of our customers, 55 per cent of security professionals said they believed their senior executives were a lot more aware of cyber risks, with another 38 per cent stating that awareness had definitely increased.
The top concerns identified for Australian businesses were ransomware and phishing attacks. This was unsurprising, given the 151 per cent increase in ransomware attacks reported by the OAIC from January to June 2020.
Where significant cybersecurity investments had been made by these businesses in 2020, half of respondents said email and endpoint security solutions were top of the list, closely followed by security awareness programs at 43 per cent, all prudent measures that organisations can take to mitigate the risk of attacks such as ransomware and phishing.
Into what we hope will be a better year, what can small businesses do to protect themselves in 2021?
Keep your security awareness program fresh. Update content to include the latest threats, and change the activities and channels you use to share your awareness program to help keep your staff educated on the latest risks.
Security maturity assessment – benchmark your organisation’s current security maturity, create a roadmap of improvements and revisit the score on a periodic basis to track your progress.
organisation’s vulnerabilities. Undertake an adversary simulation such as penetration testing or red teaming, which can enable your business to identify its weaknesses and work on fixes before an attacker finds them.
Invest in specialized phishing defence technology. Most next-generation secure email gateways will contain advanced features such as impersonation protection controls to help mitigate the risk of phishing against your employees.
However, if you are in a high-risk industry, you may want to consider technology aimed specifically at the problem of phishing, Business Email Compromise and even Account Takeover attacks.
Cybercriminals are becoming increasingly sophisticated year on year. Often, small businesses just don’t have the resources to protect their organisations from attack, which can leave them vulnerable. Get advice from the experts where you can and educate your staff regularly to mitigate any potential breaches in 2021 and beyond.