Is there a backdoor into your business?
Cybercriminals are using small businesses as a back door into larger enterprises. It’s commonly known as logistical fraud and is creating a cybersecurity blind spot in Australia. Here’s what you need to know.
With more than 2.1 million small businesses in Australia, it’s no wonder they’re perceived as the engine room of our national economy. While they have a pivotal role to play in advancing our financial future, many small business owners will freely admit that they’re not technology experts. This digital knowledge gap makes small businesses an attractive target for cybercriminals looking to use small businesses as a back door to acquire prized data from within larger enterprises. It’s commonly known as logistical fraud and is creating a cybersecurity blind spot in Australia, with many small businesses unwittingly acting as third-party providers to larger organisations.
U.S. retailer Target suffered a data breach when cybercriminals gained access to the retailer’s system by way of credentials stolen from a third-party vendor. Over 70 million customers had their data compromised. Target stated in its 2016 annual financial report that the total cost of the breach was US$292 million. It’s fair to conclude that no one was knocking down the door to do business with the supplier at fault after this breach made headline news.
If you are a small business and not taking the necessary steps to secure your business, it could significantly jeopardise your relationships with existing customers. Additionally, irreversible reputational damage could mean losing important contracts with larger enterprises.
Our Canon Business Readiness Index suggests there is room for improvement when it comes to smaller businesses protecting their information security, revealing that smaller businesses are the least concerned about data security. It is possible that this stems from a general lack of awareness around the scale of cybersecurity issues, with only one in five (19%) conscious of and prepared for the national data breach notification scheme that came into effect in February.
The consensus among security professionals is that it’s now a case of ‘when’ and not ‘if’ a business experiences a breach. The fact that half of Australian small businesses are only ‘slightly’ or ‘not at all’ concerned about potential upcoming breaches is a little worrying.
Mandatory data breach disclosure legislation increases the pressure on smaller providers to elevate their security controls in line with those of larger strategic business partners.
So what are some of the biggest threats facing businesses today?
Gone are the days of the Nigerian Prince scam. Adversaries have become more sophisticated and are wielding an array of techniques in an attempt to penetrate businesses. Which threats pose the greatest risk to small businesses and inadvertently the larger organisations they deal with?
Spear phishing – This is a social engineering technique designed to deceive users. It’s typically carried out by email spoofing. It often directs people to enter personal information into a fraudulent website. If executed by professional cybercriminals, the site will look and feel identical to the legitimate source with the only noticeable difference being the URL of the website in question. Earlier this year it was reported that real estate agents and home buyers in Victoria were being targeted. The scam asked home buyers to deposit funds into a bank account, with some losing more than $200,000.
Whaling – The term ‘whaling’ refers to the size of the targets relative to those of typical phishing attacks: it specifically targets senior management such as the CEO, CFO or other executives who hold the keys to the kingdom. Whalers are likely to play a long game, watching and waiting, to really understand your people and your business. Their sophistication makes it easy to fall prey. In Austria, a CEO of an aircraft parts manufacturer was sacked after he fell victim to a whaling attack and lost his company more than $50 million AUD.
Ransomware – This is a type of malware which locks computers or files until people pay a ransom fee. Unfortunately, coughing up the pennies is no guarantee that cybercriminals will unlock files. The ransom demand usually pales in comparison to the cost of downtime these attacks cause. In May 2017, a worldwide ransomware attack dubbed WannaCry affected more than 200,000 computers across 150 countries. The estimated damage was measured in billions of dollars.
If in doubt, ask!
In a volatile and rapidly evolving threat landscape, how can you defend your business against these malicious attacks, protecting your vital business and customer data?
The Australian Signals Directorate’s Essential Eight (ASD8) is a good starting point. This is a list of practical actions that will help make your computers more secure. But security must also be part of your company culture to reduce the risk that Helen in procurement or Paul in marketing will unsuspectingly click on a malicious link. Everybody has a role to play.
When working with third-party suppliers, make sure you ask how they will protect your data. It’s essential to ensure they have adequate security controls and mechanisms in place. The rule of thumb is to ask now rather than getting a nasty surprise later. No one wants to fall victim to logistical fraud.
If you’re looking to bolster your defences, find out about Canon’s Security Solutions.