Ransomware targeting Aussie SMEs - What can you do about it?
Ransomware activity in Australia is on the rise, with several reports revealing some alarming trends that could have an impact on Australian businesses.
The ACCC has released its annual Small Business in Focus report, and it has revealed the ACCC has received 7,600 enquiries and complaints from small businesses in the first half of 2016.
The report shows ransomware is one of the biggest problem, leading small businesses to lose $1.6 million in scam activities in the past six months.
Moreover, TrendMicro recently released research showing that Australia was the second country in the world targeted by ransomware attacks, and Kaspersky Lab’s new report on ransomware shows that SMEs are the most targeted organisations.
There used to be a common belief that hackers are mostly targeting big international organisations. According to James Walker, founder and general manager of Brisbane-based IT services company Computer One, this had lead to local and smaller organisations not considering cyberattacks and ransomware as potential threats to their business.
Walker says this is far from the reality.
“Companies of all sizes, including small businesses, should assume that they will suffer a data breach whether caused by internal or external factors,” says Walker.
Walker says today’s hackers have become very powerful, mostly because IT has now a role to play in every part of an organisation, whether big or small.
“And in most organisations, IT systems are responsible for making the business run efficiently, storing confidential and highly sensitive business data, and supporting the services that organisations are offering to their clients,” he adds.
Walker says a proactive security approach and a change in the view of security responsibilities ownership should be SMEs top two priorities.
“Organisations should consider security as a business priority,” he says. “Data is so important today, it is becoming organisations’ main asset.
“In this context, everyone in the organisation should be required to be an active participant in securing the organisation”.
According to Walker, it is key that Australian SMEs implement a continuous vulnerability scanning solution, which will help proactively patch newly-discovered vulnerabilities in their operating system, network management points and key productivity software like Adobe products and internet browsers.
“Organisations should regularly test their disaster recovery plan for the once or twice a year they might need it,” adds Walker.
“The assumption is necessary because it requires you to look at the recovery side of IT rather than prevention alone”.
Walkers says while reactive security is necessary, in today’s digitised world it is far from being enough.
“With the rise of trends such as IoT and the increasing communication between internal IT and business operations platforms with the external world, the surface of potential attacks is becoming huge,” he explains.
“This is why adopting a proactive approach is essential”
“Cryptolocker showed us that every company can be a victim of cybercrime, no matter how mundane the industry,” says Walker.
“It doesn’t matter whether or not the hacker thinks your data is important – if YOU think it’s important then you are a good target.”