The IT department cannot be solely responsible for your cyber security. We all need to take steps to prevent an attack.
60% of SMEs who experience a data breach will close their doors within a year.
Cyber criminals are continuing to exploit weaknesses created by the 2020 pandemic’s change in working conditions. Staff working from home on unsecured or poorly configured VPNs resulted in exposed corporate networks. A staggering 95% of breaches were caused by human error alone in 2021.
Cyber criminals are now more likely to see staff as a potential vulnerability, as opposed to systems and hardware. Unsuspecting employees, including CEOs, have become an easy entry point for hackers and they are reaping the rewards. In the past financial year, the Australian Cyber Security Centre (ACSC) reported that Australian businesses lost an eye-watering $33 billion to cyber crime. That’s nearly a 13% increase from the previous financial year.
Can you afford an attack?
By implementing an effective cyber awareness program, you can transform your employees into a defensive line against cyber attacks.
Email is the hacker’s way in! Watch for malicious links.
It doesn’t matter how much you’ve invested in your security set-up: if an employee clicks a malicious link within a fraudulent email, your network will be compromised. On average, it takes hackers just four minutes to gain access to your networks through malware, ransomware, or a phishing attack.
The mentality of the hacker has changed. They're not just after your data, they're after your reputation.
Once a hacker has gained access to your systems, it can take up to 286 days for detection to occur. Why so long? Hackers are content to play the long game, copying your clients' data, waiting for the opportunity to pin and leverage your reputation. How? By threatening to publish your clients' data online. They know that undermining customer confidence in your business can be just as damaging as the loss of data itself. How will your clients react if their personally identifiable information is leaked online?
While a breach damages your reputation, if your clients' data is published online you must report it. Business leaders need to be aware of the legal implications of not taking the appropriate steps to prevent an attack. Personal or Director lawsuits from your compromised customers, and penalties from the Office of the Australian Information Commissioner's (OAIC) Notifiable Data Breaches (NDB) scheme, can exacerbate an already inflamed situation.
Is it the CEO or is it a hacker?
Company websites, trade publications and LinkedIn profiles have made it easier for us to connect with our peers, but hackers are using these juicy bits of information to identify a company's senior leadership team. Once a hacker has your details, they can gain access to your network through an email-borne attack, then wait. When the CEO is busy, either in a meeting or travelling, the hacker sends a fraudulent payment request to an unsuspecting staff member from the CEO's email or a similar email domain. These attacks are highly targeted and are difficult to detect. Who is going to say no to the CEO?
Large-scale automated attacks hit thousands of SMEs at once.
Individually, an SME is not a lucrative prize for a hacker. However, large-scale automated attacks that hit thousands of businesses at once have made SMEs a much more attractive target than multi-national organisations with their impenetrable security perimeters. 47% of all recorded cyber attacks are targeted against SMEs.
It’s worrying to note that only 40% of Austral-Asian CEOs are concerned about cyber attacks. That’s in stark contrast to 69% of North American CEOs.
Why? Perhaps it’s our happy-go-lucky nature, but it could be the belief that breaches only happen to much larger organisations and not to SMEs. If an attack occurs, it’s not a personal vendetta against your business. Cyber criminals are casting the net wide, knowing someone, somewhere will make a mistake or circumvent security protocols in the name of convenience, granting them access.
All these attacks can be thwarted with a robust security set-up, but often they are over in a matter of minutes, and recovering the funds is virtually impossible.
An effective employee cyber awareness program will help mitigate the risk of an attack. There is no cure, so prevention is the only way to be safe.
What is Cyber Awareness?
Cyber awareness is understanding cyber security best practices and staying informed of the everyday threats that face your business. It’s that simple. Increasing cyber awareness empowers your employees through:
- Education on the current threatscape.
- Real world examples.
- Skill sharing from IT experts.
- Simulated attacks.
- A quiz to lock in the information.
- Additional resources.
Cyber security is critical for everyone in every department.
The time for complacency is over. Cyber security is no longer just an IT department issue. Preventing cyber attacks needs to be a company-wide initiative led by the senior leadership team. Educating your staff in the current threatscape adds an important layer to your security set-up. Let us support you to empower your employees in cyber awareness.
How safe are you against a cyber attack?
Sign up for free and take our cyber health check to uncover your cyber risk score.
The team at Systima will be happy to talk through your score and how you can improve it.