You likely heard about the ransomware attack on Channel Nine back in March. It seemed like any other day in Sydney as staff went to work only to realise that business was unusual and their systems were down. More recently, JBS Foods had a similar attack in which they paid $14 million worth of bitcoin to end a five-day disruption to operations.
But, you might be saying, cyber crimes are targeted only at enterprises. To you I'd say, yes, we've seen a lot of big companies, and even governments, crumbling under serious ransomware threats. However, just because smaller companies don't make the news doesn't mean they're not being attacked.
Unfortunately, so many small businesses don't even realise they are targeted in these attacks until it's too late. If you use third-party software to store your business data, and its provider is attacked by cyber criminals, then your data and your customers' data are also at risk.
In the cyber crime world, you don't have to be a threat to be threatened.
"It's not just big organisations and household names, it's small companies," Rachel Faulk from the Cyber Security Cooperative Research Centre told the ABC. "If they run a computer connected to the internet, they're at risk."
What a ransomware attack looks like
What's scary about cyber attacks is that they can take a variety of different forms. The most common one in recent times is when you open your computer one day and see that all your files and data have been "encrypted" or blocked in some way so that you can't access your own data without decrypting it first.
Many software services encrypt data at rest, meaning they lock data when you're not using it so that no one else can gain access to it. WhatsApp does that with our messages. This way, even Facebook (WhatsApp's parent company) won't be able to access your data (in theory). However, when hackers break into your computer and encrypt your data, they're using the same technology against you. To decrypt your data, they might ask you to pay a ransom, effectively making it a ransomware attack. Should you decide to pay up, your attackers will give you an antidote that'll decrypt your files so you can regain access.
But it's not that simple.
Cyber criminals don't care about keeping their word. Following the rules isn't in their rule book. That's why complying with attackers' demands is unwise and may put you in a more vulnerable position than you started with. If they know you'll pay, they'll only keep asking for more. If you find that attackers have hacked your data, regardless of how small or big their ransom is, the right thing to do is to report the incident to the Australian Cyber Security Centre (ACSC). The Cybercrime Operations division of the Australian Federal Police also has a newly formed task force set to combat ransomware attacks.
These ransomware attacks are no longer a novelty. Across the country, there are at least a couple of attacks every week. Naturally, it's become such a huge concern that it merited government intervention. Many people argue that paying a ransom should become illegal so that businesses will be more likely to report incidents rather than silently paying up. However, penalising a business soon after they shelled out a large sum of money to get themselves out of an unwarranted attack seems unfair to say the least.
The best way to deal with this situation is to avoid it altogether. It all starts with setting up preventive measures to protect your data against malicious attacks. The ACCC has a comprehensive cyber security guide specifically for small businesses that want to try and establish their own protective systems. The guide explains the types of phishing attacks and how you can secure your data against threats.
It's not about if, but when
Unfortunately, with the advanced technology available to us today, cybercrime is only steadily growing. However, that doesn't mean there's no hope at all. Just as vaccines help us reduce the impact of a disease, data security measures can also help your business stand up to attacks and largely reduce the chances of compromising your data. Security and access management isn't only for large enterprises like media companies and global logistics corporations. Security breaches can happen to anyone regardless of their business size or industry. We put together a guide explaining the various data security and access management systems small businesses can implement. Check it out to learn more about defining custom permissions for your stakeholders. For example, if you have sales data, you can set read-only permission for your marketers and enable the edit option only for your sales team. Even then, your sales team doesn't need edit access to customers' contact information. Once you dissect your data and the various levels of access your teams need, it becomes easier to regulate access and strengthen your defences.
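The sales-data example above, worked as a deny-by-default permission check with a field-level restriction. This is an added example, not code from the original post or from any product; the role, dataset and field names are assumptions chosen for illustration.

```python
# Added example: deny-by-default permissions with field-level caps.
# Role names, the "sales_data" dataset and its fields are hypothetical.

# Dataset-level grants: what each role may do to the dataset in general.
DATASET_GRANTS = {
    ("marketing", "sales_data"): {"read"},
    ("sales", "sales_data"): {"read", "edit"},
}

# Field-level caps: narrow a role's rights on sensitive fields.
FIELD_CAPS = {
    ("sales", "sales_data", "customer_contact"): {"read"},
}


def is_allowed(role, dataset, field, action):
    """Return True only if the action is explicitly granted and not capped."""
    # Unknown roles or datasets get an empty set, so the default is deny.
    granted = DATASET_GRANTS.get((role, dataset), set())
    cap = FIELD_CAPS.get((role, dataset, field))
    if cap is not None:
        # Intersection: a cap can remove rights but never add them.
        granted = granted & cap
    return action in granted


def apply_update(role, dataset, record, changes):
    """Apply changes all-or-nothing; refuse if any field is not editable."""
    denied = sorted(f for f in changes
                    if not is_allowed(role, dataset, f, "edit"))
    if denied:
        raise PermissionError(f"{role} may not edit: {', '.join(denied)}")
    updated = dict(record)  # copy, so a refused update never touches the original
    updated.update(changes)
    return updated


def editors_of(dataset, field):
    """Audit helper: list the roles that can edit a given field."""
    roles = {r for (r, d) in DATASET_GRANTS if d == dataset}
    return sorted(r for r in roles if is_allowed(r, dataset, field, "edit"))


if __name__ == "__main__":
    record = {"deal_value": 1000, "customer_contact": "alex@example.com"}
    print(apply_update("sales", "sales_data", record, {"deal_value": 1200}))
    print("Can edit contact details:", editors_of("sales_data", "customer_contact"))
```

Running an audit such as `editors_of` over every sensitive field is a quick way to confirm that nobody holds more access than their job needs.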
Whether we like it or not, the truth is that Australia is vulnerable to cyber threats. Despite our vast investment in promoting safe and healthy business practices, many of our smaller businesses need more support and education to protect themselves against data theft. If you ever face cyber threats, we strongly recommend involving the ACSC and sharing your experience with other businesses. The best way to safeguard our data is to be more aware.
Do you have any specific questions you'd like us to answer? Let us know in the comments below!