Cybercrime shows no signs of slowing down in Australia.
ReportCyber, the Federal Government’s online cybercrime reporting service, received close to 94,000 reports in FY2023, according to the Australian Signals Directorate (ASD) Cyber Threat Report 2022-2023.
While attacks on big business may hog the headlines, small enterprises are squarely in the sights of hackers and cyber criminals too.
These individuals are intent on disrupting and defrauding, and their methods are becoming increasingly sophisticated, according to Chief Information Security Officer Alexander Moskvin.
“Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns, featuring fake voice and video,” he says. “Even the smartest and most sceptical of targets can potentially be taken in.”
“And it’s easier than ever for perpetrators to home in on potential victims, courtesy of the fact that millions of Australians have had their personal information – email addresses, mobile numbers and personal identity data – leaked to the dark web during the last year.”
Meanwhile, businesses are at increasing risk of supply chain attacks. This kind of attack affords the perpetrators access to the systems and data of the victim’s partners and customers.
More hackers are starting to focus on this section of the ‘market’ – to the point that supply chain attacks may soon be offered as a service on the dark web, Moskvin says.
“Artificial intelligence can enable even ‘junior hackers’ to create sophisticated social engineering campaigns”
Strengthening defences
A major attack can be disruptive and expensive and while cyber insurance may help defray the costs, prevention is always better than cure. There are several ways businesses can strengthen their defences, to help reduce the likelihood of their falling victim.
First among these for SME is adopting the Essential Eight – a series of straightforward mitigation strategies developed by the ASD several years ago. They include patching applications promptly, implementing multi-factor authentication and running regular back-ups.
“They’re not fool proof but a small business that implements them across the board can become a much harder target,” Moskvin says. “Hackers will be more inclined to look for another victim whose systems offer an easier ‘in’.”
While it might not always be a full-time role, appointing a cyber owner is the best way to ensure suitable cyber-security measures are implemented and reviewed regularly.
“Unless someone is accountable for taking the actions, it’s easy for it to be everyone’s business but nobody’s task,” Moskvin says.
Keeping an eye on the security posture of your information and communication technology suppliers and partners is also a smart move, Moskvin says.
“Unfortunately, there are plenty of insecure systems on the market, so it pays to do your homework.”
Cover to help your business recover
A major cyber-attack or data breach can be disruptive and expensive. Cyber insurance is there to help your business bounce back and rebuild, should the worst occur.
To find a policy that’s right for your risk profile, contact your broker or adviser today.
Important notice – Steadfast Group Limited ABN 98 073 659 677
This general information does not take into account your specific objectives, financial situation or needs. It is also not financial advice, nor complete, so please discuss the full details with your insurance broker or adviser as to whether these types of insurance are appropriate for you. Deductibles, exclusions and limits apply. These insurances are issued by various insurers and can differ.
Disclaimer: The information contained in this article is general in nature and does not take into account your personal objectives, financial situation or needs. Please consider whether the information is appropriate to your circumstance before acting on it and, where appropriate, seek professional advice.