AUSTRALIAN RANSOMWARE EPIDEMIC: A TALE OF INADEQUATE IT TRAINING & HUMAN ERROR
The Australian Cyber Security Centre (ACSC) has reported that during the 2020 financial year, 59,803 cybercrime reports were made, equating to 164 cybercrime reports per day on average, or one report every 10 minutes! The most common and frustrating type of cybercrime uses malicious software that makes data and systems inaccessible until the victim makes a payment. This is what the experts refer to as “ransomware”. Businesses of all sizes are vulnerable to this method of cyber-attack, with small-to-medium sized businesses (SMBs) being a prime target because they lack cyber-security measures and the employee training needed to identify an attempted attack on their data. Cyber criminals do not discriminate, targeting Aged Care, Healthcare Centers as well as government agencies!
Australia and New Zealand rank among the highest for victims of ransomware attacks in the last 2 years due to the wealth of the countries and lack of government funding to increase their nations' cyber security. Ransomware attacks are pricey, averaging $241 million in damages to businesses and the public sector. Enterprise and government agencies have counted roughly $1.6 billion in losses due to downtime caused by ransomware attacks this past year alone! This is expected to rise due to the lack of understanding of network vulnerabilities, combined with hackers becoming more creative in their attacks.
Due to inadequate IT training for employees, human error remains a strong factor in cyber security breaches in most organisations. In May of 2020, 39% of cyber-attack notifications involved human error! A proactive approach to cybersecurity includes user awareness and training, and is especially important for small-to-medium businesses, who are the main targets. Despite the vulnerabilities, 87% of SMBs in Australia believe that they are safe from attacks using antivirus software alone, even though 3 out of 10 employees will open an email sent as part of an attack, while 1 out of 10 will open the attachment or link contained within it.
Here are a few tips to prevent or handle ransomware:
- Make regular backups of vital files along with offline copies that are not connected to your network to have peace of mind and a faster way to restart your business in case of a ransomware attack. This may take some time but can save you a lot if your data is seized.
- Upgrade your cyber security measures according to the advice of professional and experienced engineers in the field.
- Patch your systems and software frequently. Patching is important because it closes vulnerable spots in the software, and cyber criminals are always finding ways to attack. This is something that will require some technical background.
- Ensure senior staff and management are aware of spear-phishing: phishing attacks that specifically target those in your business who have access to important information. This is where setting up 2FA (two-factor authentication) can come into play.
- If you come under attack by ransomware, it is recommended that you do not pay the ransom demand immediately. It is important to note that without the correct assurances, the payment will not be a means of getting your data back and may make you susceptible to further attacks.
ICTechnology are experts in the field, with our very own ethical hacker on board, staying up to date with the latest threats, innovative solutions, and collaborative environments. The advice is – get in touch – keep your network safe.