Without a doubt, cybercrime is the biggest threat to Australian business. In a recent publication, the Allianz Risk Barometer, Cyber Incidents were ranked as the third highest risk to business after supply chain interruption and volatile markets. How would your business fair against a cyber attack? What can your business do to protect yourself against the newest Australian Criminal element and how can you combat cybercrime?
Types of Cybercrime Attacks
The bad guys are becoming more organised, regimented and dedicated to breaking into your business and taking your valuable information and data. To this end, they’re making use of some sophisticated tactics to weasel their way in.
Malware
The most common and often the most damaging piece in the hacker’s toolkit. Malware is a small piece of software that once on your computer can cause an array of issues. From totally taking over your computer or system, to silently logging all your keystrokes. Their ultimate goal is to send confidential data back to the hackers home base. If you’ve ever had an anti-virus alert pop up on your computer or accidentally clicked a malicious email attachment – you’ve had a brush with malware.
Phishing
To support the spread and effectiveness of Malware, the delivery is often through a Phishing attack. The bad guys know you wouldn’t open an attachment or click a link from a random email (for the most part). They employ Phishing tactics to ensure deployment. Phishing plays on human curiosity, impulses and depends on our ignorance to red flag indicators. More often than not, a Phishing attack will appear to come from someone or something legitimate. Using basic humans traits as a ‘way in’ makes it very hard for technology providers and software to stop. There is no bigger risk to your businesses security system than your staff.
SQL Injection Attack
SQL is a language used to communicate with database servers. The internet is, in effect, a giant database. Many of the servers that store critical data for websites, applications, services and businesses are written in SQL. An injection attack is the first threat in the list that uses actual hacking in favour of emotional hacking to get results. Using one of the known SQL vulnerabilities hackers will force the server, through a malicious code, to divulge information that it usually wouldn’t. For example, an attacker may be able to enter a code into a websites search field. If that server is unprotected against injection attacks, it could dump a full list of usernames and passwords it has stored.
Credential Reuse
Similar to Phishing, this attack type is rooted in human nature and failings. It seems that each time we jump onto the internet, each page wants us to have a different user account and password. I myself, investigating after writing this post, have over 140 online accounts with various websites and groups. We have a lot. Because of this, it’s very tempting to reuse credentials (or slight variations) for all our accounts to make life a little easier. When an attacker obtains a collection of usernames and passwords they know there’s a better than not chance, using those credentials on other pages will work.
The Real Effect of Cybercrime
Australians as a whole have long had a mentality of threat-isolation. We’ve long been protected by our country being gurt by sea. This may go some way to explain why the majority of business owners are not seeing this danger as the very real threat it is. Your critical business information, customer data and invaluable Intelectual Property are your attackers’ target and they’re going above and beyond to get it.
Damaged Reputation
The internet is an interesting place. Its power and influence have grown at an exponential rate. With the rise of instant information gratification, the relationship between the consumer or client and business has changed dramatically. Businesses must develop, build and maintain the trust of their client base at every step. One wrong move and it can all be over. Using the results of a global survey by Gemalto to prove my point, nearly two-thirds of respondents indicated that as a result of a data breach would see them cut ties with the company completely. Destroying any chance of positive recommendations or referrals from that relationship. Of those two thirds, 95% stated they’d consider legal action against any party involved. At its core, a data breach results in the erosion of customer trust.
Damage to Intellectual Property
In addition to the devastating effects of exposing sensitive consumer information, cybercrime has the ability to destroy a business’s competitive edge in their sector. Imagine KFC’s Original Recipe was stolen or accidentally exposed through a data breach. Very literally, their industry secret is now exposed for the world to see. The loss or exposure of your business ideas, marketing campaigns or expansion plans might render these ideas useless or ineffective.
Monetary
Recently, Alastair MacGibbon, former director of the AFP’s High Tech Crime Center revealed the true cost of cybercrime. Directly, the cost to the Australian economy is $1.8 billion. It’s also estimated that a further $2.5 billion is spent in rectification. From bolstering security and recouping from loss of productivity and reputation.
