Being connected (via the internet) is now essential, creating new opportunities for innovation and growth. To be competitive, businesses need to be online. But this also brings risks. Australian businesses are increasingly a target for cybercrime and espionage
What is Cybersecurity?
‘Cybersecurity’ is the practice of protecting systems, networks, and programs from digital attacks. These attacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.
Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
Why is Cybersecurity Important?
At an individual level, a cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like client account details.
More broadly, everyone relies on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organizations is essential to keeping our society functioning.
The Cyber Threats Organisations Face:
Although larger enterprises tend to have a realistic appreciation of the cyber threats they face, many small to medium-sized enterprises are unclear about the ways in which they’re vulnerable, and some mistakenly think they’re not a viable target.
In fact, all Internet-facing organisations are at risk of attack. And it’s not a question of if you’ll be attacked, but when you’ll be attacked. The majority of cyber-attacks are automated and indiscriminate, exploiting known vulnerabilities rather than targeting specific organisations. Your business could be being breached right now and you might not even be aware.
Types of Cybersecurity Threats:
Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered, or the system restored.
Malware is a type of software designed to gain unauthorized access or to cause damage to a computer.
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. They can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats listed above to make you more likely to click on links, download malware, or trust a malicious source.
Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information. It’s the most common type of cyber-attack. You can help protect yourself through education or a technology solution that filters malicious emails.
Tips on using the internet safely and avoiding scams can be found on the Be Connected website.
How does cybersecurity work?
A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In a business, the people, processes, and technology must all complement one another to create an effective defence from cyber-attacks.
Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data.
Technology is essential to giving businesses and individuals the computer security tools needed to protect themselves from cyber-attacks. Three main entities must be protected:
• endpoint devices like computers, smart devices, and routers;
• networks; and
• the cloud.
Common technology used to protect these entities include next-generation firewalls, DNS filtering, malware protection, antivirus software, and e-mail security solutions.
As a business, you should develop a framework for how you deal with both attempted and successful cyber-attacks.
Cyber Security Resources:
Useful cybersecurity resources can be found here.
Cyber Security Small Business Program:
The Cyber Security Small Business Program is an integrated element of the Cyber Security Strategy to improve cybersecurity for Australia’s small businesses.
Small businesses can apply for grants of up to $2,100 to co-fund small businesses to have their cybersecurity tested by CREST ANZ approved service providers.