What you need to know, what you need to do and when to do it (HINT: act NOW!)
Cybercrime is one of those things that we are all (quite rightly) afraid of, but unfortunately not enough of us are minimising risk, so here’s a reminder of the basics.
Alright, some context. Yes, we know that there have been multiple high-profile breaches that have dented trust, reduced brand confidence and damaged and disadvantaged people, their livelihoods and their quality of life. It’s true. But just how true is it?
Well, let’s not get too bogged down in the numbers, because the point of this Industry Trends piece is to encourage you and then help you identify and action some practical cybersecurity measures. That said, context is important and while we’re not trying to start a panic-fuelled riot, let’s get a lay of the land.
PUTTING CYBERCRIME, CONS AND ONLINE CATASTROPHES INTO CONTEXT
- 75bn – that’s how many devices will be connected online and to each other within the next 18-24 months
- 36bn records were compromised as a result of breaches during a 6-month period before health funds and telcos fell victim to cybercrime last year
- $30bn is what cybercrime is costing Australian businesses every year
- 14 second intervals! That’s right, ransomware attacks are being carried out every 14 seconds.
This is the online environment our businesses and our people are operating in every day and the truth is, we need to take steps to minimise our digital vulnerabilities. Now, we’re not going to name every online viral variant that can cause untold damage to revenue and reputation alike but here are a handful of “types”.
KNOW YOUR ENEMY: MALWARE, PHISHING AND SOCIAL ENGINEERING ARE THE BIG 3
We’re going to pick up the pace here and give you a brief description of three threat types followed by a suggested remedy. Here we go:
PHISHING – these emails are becoming increasingly prevalent and a lot more convincing. Be aware that many of these emails can convincingly mimic the online branding of many high-profile and legitimate businesses and organisations. The aim is to get you to click or input data such as a password. Make sure you hover over the “sender” in your inbox, which will often reveal some startling anomalies, and do not click on any links unless you are sure it’s safe.
MALWARE – just as problematic. Oftentimes malware arrives via a USB, maybe an app or website. It compromises your data by capturing keystrokes and hence passwords. Again, avoid unknown links.
SOCIAL ENGINEERING – emails, contacts, friend requests can be disastrous especially if they’re from a cybercriminal. Criminals may pretend that they are you, having harvested data from socials and profiles, with the aim of sourcing access and data from people in your business or social circles.
These are simple tips; however, if you’re looking at your business, enterprise or organisation more broadly, consider speaking to experts in the field to help you secure your networks, devices and data. But start with reviewing and strengthening your password protocols and policies.
THE PROBLEM IS NOT JUST THEM, IT'S YOU... AND YOUR PASSWORD
The first part of the problem is that our passwords make perfect sense to us. Which means that at least some of the time, they’ll make perfect sense to a committed hacker who may have some background information about you, your job, your company and/or organisation – and maybe even a smattering of personal details. Keep in mind that 80% of cyber attackers are preying on a weak password. It won’t be too long before this info reveals some of your password possibilities. We’re using “password” as a singular because that aptly introduces the second issue.
Strange though it will seem to cybersecurity professionals, upwards of 55% of people will use just one password for all or multiple accounts. It’s just easier that way… for cybercriminals to access commercially sensitive or just sensitive data.
DO THESE 4 THINGS NOW AND BREATHE A LITTLE...A LOT...EASIER FOR LONGER
If you remember nothing else, remember 4 basic key actions that will help lock up your company, business and/or personal data:
1. Lock your devices
2. Use a secure platform to protect emails
3. Strengthen your passwords… now!
4. Institute a business or personal policy around VPN (Virtual Private Network) use instead of risking it all on random WiFi set-ups and hoping that the café, airport lounge or shared space is as concerned about your cybersecurity as you are.
With so much at stake, it is critical that your organisation or team prioritises eliminating cyber vulnerabilities and adopting a more rigid security posture. To achieve that end, the final piece of advice is to seek out a trusted team of cybersecurity professionals and quiz them about how they can protect your networks, hardware, assets and people online.
Remember, prioritise your business over that of the cybercriminals’.