SMEs urged to increase cyber security awareness in the midst of the Ukraine crisis

Cyber crime, trust, security risks

The majority of small to medium-sized Australian businesses are advised to ncrease their awareness of cyber security threats, as the ongoing Russia-Ukraine conflict has put a spotlight on the possible vulnerability of IT security systems to government-sponsored hackers.

According to HLB Mann Judd Melbourne risk and assurance director Kapil Kukreja, while the working from home phenomenon of the past two years elevated cyber security for many, the war in eastern Europe has exacerbated the need to review and manage online risks.

“Some businesses naively believe they are either too small or unknown to be a target, but the threats are real and here to stay. In fact, hackers are becoming increasingly sophisticated in how they target and attack and it’s no longer a case of if a business should come under attack, but when,” Kukreja said.

Australia, along with the US, UK, EU and other governments, has earlier condemned Russia’s aggression towards Ukraine, through the imposition of measures, including sanctions. Kukreja warned that there is a significant risk that Australian businesses could become collateral damage as result, given that they are part of a global supply chain.

“Russia is home to some of the world’s most infamous criminal hackers, some of them state-sponsored. NotPetya, the cyber-attack by Russian Military hackers is considered to be the costliest cyber-attack in history. The destructive software was hidden in an update of popular accounting software used in Ukraine but spread worldwide destroying the computer systems of thousands of companies and causing approximately $10 billion of damage. Similarly, the Wiper malware, which is currently prevalent in Ukraine, launched by Russia, can potentially spread in several countries within minutes, including Australia,” he said.

Kukreja advised companies to take steps to assess their preparedness in responding to any cyber security incidents and should review incident response and business continuity plans.

“Cyber risk should be the number one priority for Australian businesses with company boards and senior management needing to implement adequate security measures as a matter of urgency. For SME businesses, the impact of cyber fraud may be more profound, as the security of larger-sized organisations is that much more robust. Cyber security is a domain which is changing at a rapid pace, with cybercriminals devising new and sophisticated methods to circumvent the security controls. Organisations that have realised cyber risk is real and can have a detrimental effect on their reputation and operations are already further ahead than many others,” he concluded.