I was reading the Financial Review last week and I came across something that caught my eye. It was an advertisement from Telstra saying that, “One in three Australian organisations that paid a ransom did not get their data back”. Thinking of the recent ransomware attacks across the globe and the chaos that they caused, my attention was drawn to the prevention and disaster recovery plans that are fundamental pillars at Netway Networks.
I don’t know why this came as a shock to me, as you should never take the word of a criminal, regardless of the threat being online or in person and assume that they will return a possession they have held for ransom. I was intrigued to dig deeper and pull up the Telstra Cyber Security Report 2017, and read in detail about the in-depth look at ‘Managing risk in a digital world’.
This survey is compiled from 360 respondents in Australia, India, Singapore, Hong Kong, Indonesia and the Philippines and looks into the detail of the cyber threats in APAC. To save you reading all 52 pages, I have summarised some of the key learnings which affect Australian businesses. Although I could write a thesis on the topic, I hope you can take these points and some of my tips away to minimise business risk.
Key takeaways from the Telstra Cyber Security Report 2017
“In Australia, the CEO is regarded as almost as responsible as the IT department”.
This came as a shock to me, but the more I think about it, it’s completely understandable. Investing in cyber security protection is like buying insurance. If your office burned down, you would be covered by insurance and that would help bear the burden. Your data is just as important, if not more, than your physical office. If it’s lost, and you don’t have the necessary disaster recovery plans in place, you could be left with nothing and years of work could go down the drain.
The report goes on to say that there was a 42% increase in c-level executives taking responsibility for security breaches in Australia. A 42% increase is a massive increase and as Australian businesses are becoming more and more aware of cyber threats and realise that investing in Cyber Security is as much of a necessity as purchasing insurance.
“Phishing emails remain the most popular method to deliver malware”.
According to the report, at least once a month approximately one-third of Australian businesses experienced a phishing email incident that impacted their business.
And it makes sense, we let our guard down at times and we open an email that looks familiar and click a link and next thing we know, our hardware is infected. Unfortunately, the threats are becoming more and more realistic every day as simple emails come through and they look as though they are the real deal. One attack that has come to light recently is a click bait email supposedly coming from an energy provider (Origin), that had links to malicious software that automatically installs on your PC.
Tip: Always check the email address it came from. If it is unfamiliar or doesn’t have the domain e.g. @originenergy.com.au, do not click any links. When in doubt, delete, what’s the worse that could happen?
“60% of Australian organisations reported that they experienced at least one ransomware incident in the last 12 months”.
It may come to a shock to you that just under two-thirds of companies suffered a ransomware attack in the past year. The recent stint of ransomware was nothing new, this technology has been circulating on the web for years. What shocked me the most was that 42% of affected companies paid the fee and only 2% got their files back. Some paid because they were embarrassed to seek help, others because they were scared and ran out of time.
Tip: if you ever get attacked by ransomware remember this quote.
“Whether online or in person, if someone holds something of value for ransom, they are a criminal. And, you can never accept the word of a criminal to return something that is stolen”.
Mobile malware is becoming more popular and is expected to take over traditional malware as the popularity of mobile devices increases.
As smart device technology becomes more advanced, becomes more used and mobile data plans become more affordable, more Australians than ever are using mobile devices for browsing the web, emails, social media, etc. So, if there are fewer people on desktops, where do the criminals attack next?
Tip: Be just as cautious as you are with your PC as you are on your smart device. Unfortunately, the malware can spread quite rapidly and as a result, you could lose complete control over your phone. And the reason this is incredibly scary is that most people have banking, email and social media apps on their phones. The email and social media apps are not always password protected and if you are infected. it could cause a zombie outbreak infecting every one of your contacts.
“A small percentage (one percent) of organisations indicate that their business is never impacted by any security incident”.
This is probably the most frightening statistic to come out of this report. Only 1% of businesses have not actually been impacted by cyber attacks. The report goes on to say that 88% of companies are now developing an incident response plan.
I believe that every single business, no matter their location should have a plan in place and should have the uppermost trust in their Managed Service Providers (MSP). If you don’t have the resources to employ a dedicated IT professional, you should reach out to a MSP. A few thousand dollars a year could save you a lifetime of troubles.
If you would like a free consultation about putting together a disaster recovery plan, please contact the Netway team 1300 138 929.