Cyber Security: Everything you need to consider in your trades business

Find out how to protect yourself and your clients from a cyberattack.

If cybercrime wasn’t on your radar before, it certainly will be now. Between the Medibank and Optus breaches, many Australians have been affected, leaving both businesses facing the aftermath.

While Medibank and Optus have the backing to hopefully survive, these incidents brought with them the stark realisation that every business – and consequently, every customer – is a potential victim of cybercrime.

Cybercrimes today are a huge and ever present threat for everyone around the world.

Every seven minutes, the Australian Cyber Security Centre (ACSC) receives a report of a cyberattack (just think of the number that go unreported, too) and in the past year, there were 76,000 cybercrime reports, an increase of approximately 12.6 per cent from the previous year.

In some respects, however, it’s easier to protect a small business than a large outfit like Optus. You’ve got fewer people, fewer ways in, and your data’s less valuable.

However, naturally, small businesses will have far less protection and cyber know-how than the bigger players.

In reality, they’re much easier targets.

It’s time to redress that balance.

Make no mistake: cybercrimes are increasing and evolving

Okay, first things first. It’s important we all know what we’re talking about here. So, let’s recap.

A cybercrime either uses or targets computers or other information communication technologies (ICTs) to carry out any criminal activities either for financial gain, to seek retribution, or for political reasons. These attacks can maliciously disable sophisticated computer networks, steal sensitive and private information, and initiate other criminal activities like cyberbullying, identity theft, email fraud, cyber extortion, and the sale of data and other illegal items.

As more people rely on internet-connected technologies and services, there is more opportunity for cybercriminals to carry out cybercrime activities using the anonymity of the internet.

Cybercrime is now big, big business, and is constantly evolving to counter advances in security systems, finding weaknesses to exploit and launch attacks on individuals, businesses, and the government.

Cybersecurity comprises protections based on people, processes, and technology. When one area is weak, that is what is targeted,” says Mike Ouwerkerk, the founder of Web Safe Staff.

According to Ryan O’Kell, Head of Cyber Security (APAC) at Waterstons Australia, the sophistication of cybercrime has evolved drastically over the last decade.

“The biggest evolution has been in the methods adversaries are using to monetise their access,” he explains.

“Ransomware crews have gone from just leaving a message saying, ‘Pay us’ to actually exfiltrating the data and saying, ‘Pay us, or we release all of your company’s information publicly.’”

Exhibit A: Medibank.

Wake up! Cybercrime is very, very real

The recent data breaches at Optus and Medibank collectively affected 19.7 million Australian customers.

In terms of wake-up calls, it rivals a combination of alarm clocks, a flock of roosters and a wandering band of pan-playing minstrels entering your room at 6am.

Cybercrime is a reality and is on the rise.

And you need to get your business as cyberattack-proof as possible. Otherwise, your business will grind – very quickly – to a standstill.

“A typical incident we respond to sees most staff sent home for the day, work comes to a halt, and third parties are informed that they’ve got a problem,” explains O’Kell.

As businesses store more of their customers’ data, they are increasingly at risk of cyberattacks.

“Work from home added new complexities around this, because now there are additional devices and networks outside of the control of IT, and these are often far less protected,” adds Ouwerkerk.

In 2021, the estimated cost to the Australian economy was a staggering $42 billion, according to the UNSW Institute for Cyber Security, while a 2022 study by IBM shows human errors account for 21 per cent of the breaches and IT failures result in two per cent of breaches responsible for data loss.

Time to get cyber-fit!

Small businesses make ideal targets for cybercriminals – without a full-time IT staff, small businesses are more vulnerable to data breaches and cyberattacks.

Besides financial damages, lost customer trust and cost to the reputation of the business, some small businesses may face extensive breach fines and penalties, which can amount to thousands of dollars.

The responsibility of keeping data secure lies with the business, especially when storing their customer’s information.

Business owners need to understand, identify, and guard against risks. O’Kell advocates proper planning to minimise the cost and damages and suggests implementing simple security measures at the very least.

“Daily backups that are offline or immutable can be the difference between being back online tomorrow and losing months of data. A robust detection system can be the difference between finding an adversary in your network and ejecting them before damage is done, or losing time, money and your customers’ trust.”

The future of cybersecurity

“Looking towards the immediate future, it appears that breaches will continue to rise,” says Ouwerkerk. “There’s an alarming lack of preparedness around data breaches for many companies, and staff remain largely untrained in spotting and dealing with scams.”

While more individuals are noticing data breaches of their personal information and learning what to do about them, businesses are falling behind.

Presumably, they will take cybersecurity more seriously with the introduction of new penalties around data breaches, creating fresh challenges.

“As cybersecurity expertise can be hard to come by, and a flood of demand will mean a lack of service or potentially substandard service as less capable vendors attempt to cater for the high demand,” Ouwerkerk explains.

“Unfortunately, with this demand, it would be reasonable to expect the price of cybersecurity services to increase.”

Like it or not, cybersecurity is a huge, huge threat – and as a business, it simply has to be taken seriously.

The warning shots have been fired.