Protecting against business email compromises, ransomware and COVID-related phishing attacks
Two of the most common cyber threats affecting Australian businesses in 2020 are Business Email Compromises (BEC) and Ransomware Attacks. There has also been a sharp spike in the number of phishing attacks taking advantage of the Covid-19 pandemic, making it essential for Australian businesses to be even more vigilant than usual.
Business Email Compromises
Business Email Compromises (BEC) continues to be one of the biggest cyber threats in Australia and around the globe. BEC breaches can be especially costly due to their frequency and requirement under Australian Privacy Act regulations for businesses to notify the Office of the Australian Information Commissioner (OAIC) and all potentially-affected individuals, even if a data breach is only suspected and yet to be proven.
The cost of each BEC incident is different. However even if there has been no theft of funds, it will typically be at least $25,000. This includes the costs required to commission a forensic IT report to identify the exact nature of the breach and gaining up-to-date legal representatives to ensure full compliance with your obligations under the Privacy Act. Should your business be required to prepare formal breach notifications to affected individuals and the OAIC, the costs can easily exceed $50,000-$60,000.
To reduce the chances of being impacted by a BEC event, serious attention should be given to developing – and reviewing – security controls and processes around email usage and access. According to the Australian Cyber Security Centre, one of the most effective mechanisms to reduce the chances of a successful BEC is the implementation of Multi-Factor Authentication on your email accounts.
In 2020, sophisticated ransomware attacks remain one of the most malicious – and common – forms of corporate cyber-attacks. In the past 12 months alone, some of the highest profile businesses in the world have seen their IT networks crippled as a result of ransomware attacks. Australian businesses are not immune. Below is an outline of just some of the more recent ransomware events suffered both globally and here in Australia:
- Toll Group – one of Australia’s largest logistics businesses, Toll has suffered from two ransomware attacks on their network in 2020. With the impacts still being felt, it has the potential to be the biggest cyber loss in Australian corporate history
- Lion – the dairy processor and drink manufacturer was hit by a ransomware attack which has disrupted the organisations operations. Given the beer manufacturer is dealing with an increased demand from pubs and clubs as they begin to re-open, the cyber-attack couldn’t have come at a worse time
- Service NSW – through a sophisticated phishing campaign, the email accounts of 47 Service NSW staff members were illegally accessed by hackers
- Fisher & Paykel – the NZ-based appliances maker was hit by the Nefilim malware (the same that hit Toll Group with their second cyber-attack). Hackers have begun to publish corporate files on the dark web, which includes confidential financial data dating back to 2013
- Honda – the Japanese car maker has been infected by the ‘Snake’ ransomware, specifically targeting industrial control systems used in manufacturing plants, forcing Honda to temporality suspend production at some of its facilities
- Garmin – most commonly known for its GPS fitness tracking devices, hackers deployed the ransomware tool ‘WastedLocker’ which is believed to have encrypted Garmin’s internal network. Reports are that Garmin paid the $10m ransom
- Arthur J Gallagher & Co – one of the world’s largest financial services firms was hit with a ransomware attack at the end of September, which immediately took all their global IT networks offline
The financial and reputational impacts of ransomware attacks affect different brands and businesses in very different ways. Generally speaking, the costs fall into one of two areas:
- First Party Forensic IT Costs(10-20%)
These are costs necessary to maintain business operations and minimise downtime. Depending on whether backups have been encrypted, or corporate/personal data has been stolen, these costs tend to sit between 10-20% of the overall incident expenses.
- Business Interruption Costs (70-80%)
These are costs incurred as a result of lost business due to systems downtime. They tend to make up around 70-80% of the total incident costs.
Covid-19 Phishing Attacks
Cyber criminals have long been the masters of opportunism. So, it comes as little surprise that Covid-19 has also led to an increase in targeted phishing attacks against organisations and their employees seeking updates about the virus and its spread, coupled with weaker security controls in work-from-home environments. Significant increases have been seen in Remote Desktop Protocol (RDP) attacks on networks in the last six months, particularly those with weak passwords. This has provided cyber criminals with yet another gateway into sensitive data systems, where they can then deploy ransomware and bring businesses to their knees.
12 Cyber Security Steps
If you’re looking to improve the security of your business’ digital systems and data, visiting the Australian Government’s Business Advisory website is an excellent place to start. It recommends the following 12 steps, several of which you can implementimmediately:
- Back up data
- Secure your devices & network
- Encrypt important information
- Use two-factor authentication
- Manage passwords
- Monitor use of computer equipment & systems
- Put policies in place to guide your staff
- Train your staff to be safe online
- Protect your customers
- Protect yourself with cyber insurance
- Get updates on the latest risks
- Speak to an adviser
More details on each of these steps is available at the Australian Government’s Business Advisory website.
If you’d like discuss the specific cyber risks faced by your business, please speak with us today.
This article originally appeared on Everest Risk Group News and has been published here with permission.
Advisr does not provide advice and does not hold a financial service license (AFSL). All information above has been provided by Everest Risk Group Pty Ltd.