In a typical month, New Zealand’s National Cyber Security Centre (NCSC) receives an average of 22 incident reports and requests for help. During the 2021-22 financial year, the Australian Cyber Security Centre (ACSC) received over 76,000 reports of cyber crime, which equates to one report every seven minutes. For a relatively small region, those numbers are high.

Cyber security has always been a challenge for businesses. With increasing expertise and technological advancements, cyber criminals are equipped to cause significant damage to the everyday entrepreneur. In this post, we’ll look at some of the most common cyber security threats Australian and New Zealand businesses face, and how you can protect your business against them. 

Common cyber security threats

Phishing, spear fishing, and whaling

Cyber attacks often appear to come from someone reliable. They'll seem genuine and compelling, and ask you to divulge confidential information.

•  Phishing: Someone pretending to be a reliable third-party emailing you for sensitive or confidential information.
•  Spear phishing: Someone pretending to be a department or team from your organisation, emailing you for sensitive or confidential information.
•  Whaling: Someone pretending to be a reliable third-party emailing management (a "bigger fish") for sensitive or confidential information. 

Scams and fraud: phone, email, letters, online chat

Sometimes, scammers contact you with a great offer in exchange for money. Most scammers seek small amounts of money, but target multiple people to amass a larger overall sum. Scammers are common in the online chat space, but they’re also active on the phone. Pyramid schemes are also a form of scam.

Ransomware attacks

Businesses store data in internal databases. You're "hacked" when cyber criminals break into your database and steal sensitive or confidential information. It becomes a ransomware attack when they threaten to release your information publicly or sell it to a third-party unless you pay a ransom. Sometimes, criminals will hack systems and expose information without demanding a ransom. This is a common strategy for discrediting a business.

Distributed denial of service (DDOS attack)

This type of attack is most common against software or cloud service providers. Cyber criminals hit the system with fake requests so frequently that the system temporarily malfunctions. It may take down a website or service, blocking out genuine users. Although information isn’t leaked, the system becomes inaccessible, even to its owners.

DDOS attacks vary in severity. Sometimes, attackers seek ransom to stop attacking the system. Other times, the aim is to cause as much disruption and reputation damage as possible. If you're under attack, the best practice is to provide consistent status updates to your customers. In 2015, Zoho experienced a DDOS attack. Here’s how we handled it. Zoho’s systems are now diligently monitored and constantly upgraded to make sure an attack like this never happens again.

Internal fraud and threats

In some situations, employees and former employees may be involved in fraud and cyber crimes against the business. Crimes could range from sharing sensitive information with third-parties to deliberately damaging internal safety mechanisms, making the business vulnerable to ransomware attacks. That’s why it’s crucial to vet every employee who has access to sensitive information and train them adequately about your values and policies. 

Data hack vs. data breach

Nowadays, the terms "hack" and "breach" are thrown around in the media quite interchangeably, but there is an important difference. 

A hack occurs when someone illegally gains access to information. There are many ways to do this, including phishing, hacking into social media accounts, hacking into WiFi or local area network (LAN), and stealing staff credentials.

A breach, on the other hand, is an accidental loss or release of information. Instances can be harmless, such as when a team member gets access to information that’s not relevant to them. If that happens, consider it a good wake up call to strengthen your permission settings. Other times, breaches can be more damaging, with data being accidentally deleted or shared publicly.

Sometimes, an undetected breach can lead to a hack or ransomware attack.

Protecting your business from cyber attacks

Sometimes, there’s nothing you can do to prevent a cyber attack. However, there’s quite a lot you can do to try and prevent attacks and make it harder for hackers.

Train your staff members to identify common threats and best practices for data protection. A good way to do this is to set up strong social media, IT, and cyber security policies in your organisation. New Zealand's Ministry of Business, Innovation & Employment has a Policy Builder tool that you can use to create comprehensive business policies. These can be easily adapted for both Kiwi and Australian businesses.

Creating strong policies is one big job done. Ensuring staff members abide by the policies is another job altogether. Encourage healthy workplace data practices, like forming strong passwords, rotating passwords regularly, using a reliable password management app, enabling data encryption, and vetting your software vendors thoroughly before you commit to them. Above all, follow the Privacy Principles established in Australia and New Zealand when collecting, storing, and using data—don’t collect and store any data if it’s not absolutely necessary. 

What to do if you’re targeted by cyber criminals

CERT NZ is the country’s cyber security threats monitoring agency. If you believe your data is compromised, you should report it to CERT NZ. In Australia, you should report incidents to the Australian Cyber Security Centre.

These agencies will help you assess the situation and guide your next steps. If you’re under a ransomware attack, don’t be tempted to pay up hoping to retrieve your information. That seldom works and there’s no guarantee the attackers will keep their promises.

We hope this blog post has given you a better grasp of how you can protect yourself and your business from cyber crime. As we continue to rely on technology and the online world for our everyday life, it's becoming more important than ever to stay on top of possible threats to our data. For more resources on how to overcome cyber security threats, have a look at CERT NZ's information and the Australian Cyber Security Centre's resources for businesses.