Cyber crime is an ongoing and growing problem around the world. And unfortunately, Australia is most definitely not exempt from the trend. However, cyber crime is a broad umbrella, and it’s worth mentioning that not all criminal cyber activities are created equal. In theory, cyber crime is any criminal activity that involves utilising a computer, or network. This definition is admittedly vague.
Check out our latest article on cybercrime in Australia.
However, in practice, cyber crime tends to be attacks carried out against computers, networks and devices with the intent to damage or disable. This is primarily done by spreading malware or viruses, and then leveraging these threats in order to steal data or for financial extortion. In short, this is a whole new world of crime. There’s not a clear parallel in the world of physical crimes. Unleashing a virus within someone’s network is probably akin to someone letting a bunch of rabid monkeys loose in your house, in order to create chaos. And then demanding payment to remove them. Not exactly a frequent scenario in the real world (thank goodness).
The Upward Trend of Cyber Crime
Within Australia specifically, the statistics are disturbing. We are seeing a significant rise in cyber crime acoss the country, and specifically targeting business. It’s crucial to realise that this is not just a case of 79-year-old Joan falling for the Nigerian prince scam.
Australian businesses have the largest increase in cyber crime driven by people-based attacks. We have seen a 33% growth in cyber attacks through these methods.
Furthermore, Australian organisations have seen an 18% jump in security breaches from 2017 to 2018, alone. This is leading to exponential growth in the cost of cyber crime, as typically, businesses are not expanding their cyber security budgets to match these growing rates of attack.
There doesn’t seem to be an specific word for it, but let’s say your neighbourhood was doing the opposite of gentrifying (perhaps we can call it urban decay). Each year, there are more break-ins and related crimes. In spite of this, you haven’t bothered to actually install a security gate, or lock the door. This seems… short-sighted at best. The same goes for Australian businesses and the state of cyber crime as we know it.
These correlating statistics tell us that despite the worrying increase in cyber crime and cyber attacks, Australians (businesses included) are either ignorant of the risks, or don’t care enough to take precautions. And frankly, given the wide availability of resources, ignorance is not much of an excuse these days. There are several governmental initiatives strictly dedicated to cyber security and preventing cyber crime. These departments keep up with current trends and offer a lot of useful advice. You don’t need to be hip-deep in IT and cyber security in order to be cyber aware.
How Will Cyber Crime Affect My Business?
Firstly, let’s be clear. It’s really a matter of when, not if. When it comes to cyber crime, it’s best to assume that attacks are constantly coming your way. They may not be as overt as someone hacking in and taking over the system, but there’s no doubt the attempts are frequent enough. Consider every dodgy phishing email that gets caught in spam filters, for example.
So, when you consider cyber attacks as a more or less constant barrage against your business… it becomes easier to view it as a matter of when, rather than if. Eventually one will slip through the cracks. Your goal is to minimise those cracks, and minimise the potential damage from said attack.
So, immediately we can see that Australian businesses are being affected in a major way. An 80% increase in the loss and theft of sensitive data is absolutely huge. However, if the potential loss of data doesn’t spook you (spoiler alert: it definitely should). Then consider the following:
This is the big one that kicks everyone into gear. It’s a material world, and we are all material girls. Any cyber crime or data breach comes with it’s own associated costs. Both direct, and indirect. To be clear, the average cost of a data breach is nearly $2 million.
This includes the costs of investigation, security consulting, associated costs of PR and image management, potential downtime from losing data access, auditing and addressing your cyber security, and of course, possible revenue loss from clients jumping ship. These costs are very real, and not at all insignificant.
Speaking of clients jumping ship… 74% of consumers have said they would switch providers following a data breach. The circumstances don’t even matter, unfortunately. If a client knows that you’ve been breached, they experience a loss of trust.
Small businesses in particular often rely on word-of-mouth and maintaining a good reputation. This kind of loss of trust, and potential abandonment could absolutely have your business circling the drain.
This is another effect that ties in closely with financial loss. If you’ve been victim to a cyber crime, it’s quite likely that you will experience some real disruptions to your regular business activity. Whether your network has been attacked by a virus, so you literally can’t access any work. Or you’ve had to take time away from your regular duties in order to investigate the extent of the attack.
Either way, you’re facing a situation where your valuable time, and your employees, is now taken up with this cyber attack. So you’re looking at lost sales, lost profits, and the time it will take to get your business back to optimal productivity after the fact.
Who is at Risk?
While it’s important to be aware that everyone is a potential victim, there are definitely some factors to take into consideration. The size and nature of your business, and the industry it falls in, are of particular concern. So, yes, everyone is at risk. But some are at more risk than others.
Healthcare Under Attack
Reports show that the healthcare industry in particular is a real target. Quarterly and annual reports from the Notifiable Data Breaches Scheme confirm that health service providers suffered significantly more data breaches in relation to other industries. They were followed by the finance industry, but still have quite the lead.
Smaller Fish to Fry
Furthermore, it’s a notable stat that small-to-medium size businesses take the brunt of targeted cyber attacks. Why go after the big guns who are well-equipped to prevent and take down any potential cyber crime? It’s much easier to target Anna’s online organic candle shop, steal her customer data and sell it on to someone else.
Failure to Prepare
Of course, one of the biggest factors that contribute to risk is a lack of preparation and education. We touched on this briefly in the beginning, but let’s come back around to it now. If you’re not taking the threat of cyber crime seriously, then you’re not doing all you can to prepare. Any small business worth their salt will have a range of cyber security measures in place, as well as an ingrained culture of cyber awareness.
The Best Way to Prevent Cyber Crime
Preventing cyber crime is primarily about risk reduction, data management and user awareness. When you cover these three bases, you will prevent almost every instance of cyber attack on your business.
This is all about reducing the opportunity for cyber crime to hit your business. When talking about cyber security, there are a whole lot of vulnerabilities that provide openings for attack. Therefore, a huge chunk of cyber security is about reducing those vulnerabilities and therefore, the potential opportunities for attack.
First and foremost, your risk reduction strategy should cover the ‘Essential Eight’. These strategies are about tightening security within your network, and your devices to ensure there are few opportunities for infiltration. Further risk reduction can also focus on implementing anti-virus and firewall tools, amongst other things.
A huge part of cyber vulnerabilities come down to data management. That is, if there are weaknesses in the way data is accessed, stored or transferred, then it becomes very simple for a potential attacker to slide in and steal whatever data they like. And remember, with cyber crime, data is the payload. They are not necessarily out to directly drain your accounts.
So, an important way to reduce your risk of cyber crime, is to improve your data management techniques. This means having tools like mobile device management in place, so you can remotely wipe data from compromised devices. Implement a proper user and identity management system so that only approved users are able to access data.
This is perhaps the biggest tool in your arsenal, and frequently the most underrated. Strangely enough, it’s also the cheapest. It doesn’t require buying fancy next-gen firewalls, and subscribing to premium level security plans. It simply requires a lot of common sense, and taking the time to learn.
Human error is responsible for about 90% of all cyber attacks and data breaches. Ninety per cent. That seems almost implausible until you realise that cyber attacks are like vampires. They have to be invited in. This means they’ll try and disguise themselves any way possible, and trick you into complying. The malware link hidden as a trustworthy application. The phishing site that looks almost identical to the correct one. Keeping ahead of the ‘human factor’ will literally deter nearly every single attack.
Don’t Be One of the Statistics
Amongst all these overwhelming statistics about the victims of cyber crime, one thing is clear. Nobody wants to be that guy. Whatever your motivation may be; whether it’s pure goodwill and a vigilant sense of protectiveness for your clients, or sheer self-preservation (neither is wrong). There is so much one can do to avoid falling into the cyber crime trap and making up one of those awful statistics.
It’s clear that the state of affairs in terms of cyber crime is pretty dire right now, and predictions are not promising an improvement.
The cost of cyber crime is anticipated to hit $6 trillion globally by 2021.
That number is so astronomical it’s barely real. But it shows a clear trend in cyber crime and it’s not a good one. We strongly advise you take a good look at your business, and it’s (hopefully) existing cyber security strategy. Are you implementing common sense protocols? Like never sharing your password with others, or ensuring you have solid password requirements.
Take care with your online identity as much as you take care of your driver’s licence, Medicare card and passport. Passwords and online habits give away so much more than just your Facebook account.
If you’re having trouble working out the best way to approach cyber security, check out our Cyber Security Guide for Small and Medium Businesses.