Cyber experts expect a rise in cyberattacks in 2022 as many businesses and organisations remain digital due to the COVID-19 pandemic. Last week, member-owned organisation Business Australia warned that now is a prime time for ransomware attacks.
Last month, Emergence Insurance head of underwriting and product development Jeff Gonlin stated in a webinar for brokers that the global cyber insurance market was experiencing “a lot of red ink,” noting an Accenture report that found Australia to have the third-highest level of claims globally. Meanwhile, in Emergence, ransomware was the second-highest incident at 31% of claims, behind business email compromise (BEC).
Now, Business Australia general manager products Phil Parisis warned small businesses that they can be easy targets, with small and mid-size enterprises (SMEs) accounting for nearly half of all cybercrime incidents.
“Research shows that business owners are aware of cybercrime, but they are just not prepared – 90% of attacks are still successful due to human error,” Parisis said, as reported by Security Brief. “We often hear from businesses that I'm just a small law firm, a building company, why would anybody target me? The reality is that cybercriminals don't necessarily target you.”
Parisis explained that small businesses might become accidental victims of a large, broad-scale phishing attack – and it takes just one employee to make a mistake, triggering cyberattackers' interest in the business.
“Attackers are also incredibly creative at playing on human emotions, creating links someone is most likely to click. We've seen a huge increase in phishing campaigns that revolved around trending topics like coronavirus vaccines,” Parisis continued.
Business Australia, which launched Business Australia Cyber to help small businesses learn how to spot cyber risks and prevent attacks with a Cyber Security Health Check, listed seven steps for businesses to prevent a cyberattack in 2022:
- Create a human firewall: Building a human firewall or educating yourself and employees is the most effective way of preventing a cyberattack.
- Protect your passwords: Passwords mustn't be easy to guess. Moreover, it is best to consider using a password manager and multi-factor authentication to provide a second wave of authentications.
- Beware of public Wifi: Logging on to a public Wifi is one of the easiest ways to get hacked. If you or your team members are working remotely, it is safer to hotspot to their phone.
- Careful with what you buy: Cheap cables for iPhone charges have been found to have malware, so it is best to go with store-approved products.
- Upgrade your software: Ensure all your devices operating systems are upgraded regularly, including recent security patches.
- Consider insurance: Cyber insurance doesn't reduce the risk; it reduces the financial impact of a cyberattack and helps a business recover faster.
- Update business policies and procedures: Ensure your business processes are up to date to protect, prevent, and recover from any suspicious behaviour.