10 May 2021

Cybersecurity – How to Keep Your Business Safe

Cybersecurity – How to Keep Your Business Safe

Cyberattacks aren’t random events. They’re the direct result of human intent, targeting individuals and organisations to gain – or prevent – access to sensitive information. No matter what industry you’re involved in, your organisation is a tempting target for cybercriminal activity.

In this article, we look at what cybersecurity is, the most common types of cyber attacks, and some simple cybersecurity practices you can implement to help protect your business and keep it safe from cyberattacks.

What is cybersecurity?

Cybersecurity is the practice of protecting networks, devices, and data from unauthorised access. It involves securing sensitive systems and information from unlawful use while ensuring the confidentiality, integrity, and availability of all related data. The term applies in various contexts, from business to mobile computing, and falls into a few common categories.

Device management – the increase in bring-your-own-device programs and work-from-home arrangements has also increased the number of attack vectors available to cybercriminals. Ensuring the end-point devices used to access sensitive data are secure becomes a critical decision. Failure to do so leaves valuable information at risk.

Network and cloud-based IT security – as cyber threats grow and change, so does the need to meet these challenges with professional security suites. At the same time, new network infrastructure needs vetting before it enters service. Regular reporting and iterative network security audits can help identify unknown attack vectors before they become targets.

Threat intelligence and predictive analytics – the best cure is prevention. When it comes to managing cybersecurity, this is the best kind of prevention. Intelligent threat detection begins with predictive analysis of emergent behaviour from attackers and users alike to identify which requests may be fraudulent and may need authenticating before proceeding.

Incident response and recovery – it’s well known that no one individual cybersecurity solution can be called 100% effective. So it pays to prepare for a potential breach ahead of time. Should an attack shut down or lock out your system, a managed disaster recovery solution can help reduce the impact, getting you back online with minimal disruption.

IT risk assessments – perhaps the most critical step in securing your IT infrastructure from cyberattacks. An IT security risk assessment can give you the insight you need to identify and reinforce gaps in your protective environment. From the E8 through to complete NIST assessments, organisations of all sizes have a wealth of security risk assessment standards to choose from.

Ransomware protection suite – this is a relatively new and emerging set of solutions. Ransomware protection helps to protect your organisation from the threat of malicious encryption events.

Cyberattack targets

It’s clear that cybercriminals would target sensitive details like bank accounts and invoice details. However, they no longer focus specifically on organisations that deal in these kinds of information.

Modern cybecriminal activities now aim to access a broader range of data, including contact lists, official emails, and internal memos. Some of these targets may seem like they won’t offer much value to cybercriminals. But the truth is that cybercriminals can use them in any number of ways.

Some uses include transferring funds from an organisation or creating fraudulent invoices. Others make use of target details in tandem with existing information to make other attacks more effective. Even if the information is not inherently valuable, a cybercriminal may attempt to block authorised access to this information, in an effort to extort money from the target business to enable access once again.

Regardless of what your organisation is involved in, the chances are that you have information on hand that cybercriminals will find valuable. And it’s not just the big organisations that are under threat. In 2020, 60% of all targeted cyberattacks in Australia were aimed at small and medium businesses.

What’s clear is that cyberattacks aren’t random events – they’re targeted activities. And every organisation is a target.

Types of cyberthreats

Earlier in 2021, anti-malware group Malwarebytes released data showing that both the frequency and complexity of cyber threats is increasing.

Here are some of the types of cyberthreats faced by modern organisations.

Malware – the term “malware” is a portmanteau of “malicious” and “software” that perfectly describes the phenomenon. Malware refers to any intrusive software used by cybercriminals to damage devices, steal data, or disrupt computer systems. Some common examples of malware include viruses, worms, trojans, spyware, adware, and ransomware.

SQL injection – Structured Query Language (SQL) is a domain-specific programming language designed for managing data held in a relational database. An “SQL injection” attack targets web applications that handle user input. The compromised web application “injects” malicious SQL statements into the execution field to alter a program’s behaviour. These statements may aim to access or manipulate data or give the attacker control over the associated app data store.

Phishing – this process sees scammers disguising themselves as trustworthy sources or authority figures. A phishing attempt can take place over email, SMS, social media messages, or even automated phone calls. A phishing attack aims to gain access to sensitive information or personally identifiable information, including bank details, credit card numbers, and username/password combinations. The data can help criminals access user accounts fraudulently, leading to identity theft and financial loss.

Man-in-the-middle attacks – a man-in-the-middle attack involves intercepting traffic between two or more points in a network. The attacker may passively eavesdrop on the network traffic to access unsecured information. Or they may deliberately block and alter traffic to steal login credentials and personal information, corrupt data, or sabotage communications. This interception can occur over public Wi-Fi networks, using specifically designed malware, or through DNS spoofing.

Denial-of-service attack – A denial-of-service (DoS) attack involves blocking legitimate user access to information systems, devices, or other network resources. This attack overwhelms the target with fake traffic until the target machine or network cannot quickly respond. This attack can prevent access to email, websites, and online accounts that rely on the affected network. DoS attacks can cost an organisation time and money and can result in severe user frustration.

The cost of cyberattacks on business

A cybersecurity incident of sufficient size can devastate any business. And the costs of these attacks is also growing.

Data from the Australian Cyber Security Centre shows that the average cost of a cybercrime attack to a business is $276,323, with 53% of this going towards detection of and recovery from said attacks.

On the low end, the average cost to a business from a virus, worm, or trojan is $421, with other malware averaging $458. On the high end, however, a single denial-of-service attack can cost a business an average of $180,458.

It’s not just financial losses that impact a targeted business. Operational disruptions account for up to 40% of costs incurred, followed by information loss (29%). There’s also the damage done to a target organisation’s reputation – which can be hard to calculate but can leave a mark on the balance sheet that takes hard work to expunge.

Luckily, managing the cybersecurity threat doesn’t have to be complicated. There are simple measures that can significantly reduce the potential impact of the most common cybersecurity incidents.

Simple cybersafety practices

For many businesses, the primary cyber defence strategy is to enable and enforce the basics of cybersecurity. The Australian Cyber Security Centre (ACSC) has published an advisory called the Essential Eight. This advisory consists of eight mitigation strategies designed to help organisations mitigate or prevent cybersecurity incidents.

  1. Application control – restrict application usage to an approved whitelist on all workstations and servers.
  2. Patch applications – install all security patches and updates within 48 hours upon publication from the application vendor. Automate updates on all third-party software.
  3. Configure Microsoft Office macro settings – block all Microsoft Office macros in documents originating from the internet. Restrict privileges that let Microsoft Office users change these macro settings.
  4. User application hardening – disable Java, Flash, web advertisements, and other potentially malicious and virus-carrying vehicles in all user web browsers and Microsoft Office applications.
  5. Restrict administrative privileges – this strategy involves limiting users with administrative rights and requiring validation for accessing any privileged access, including periodic re-validation and other security measures.
  6. Patch operating systems – patch all operating systems within 48 hours of a vulnerabilities discovery, automate OS updates and update or replace operating systems that are no longer supported.
  7. Deploy Multi-Factor Authentication – mandate the use of multi-factor authentication (MFA) for all privileged users and those who use remote access solutions.
  8. Perform daily backups – back up essential systems and information daily. Validate and test backup solutions regularly. Ensure backups can be stored securely for at least three months.
What is managed security?

Managed security refers to the outsourcing of an organisation’s cybersecurity efforts rather than running them in-house. As security has become more and more at the core of IT systems, specialist Managed Security Service Providers (MSSPs) have been joined by full service Managed Service Providers (MSPs) in fulfilling the roles related to information security for their clients, and to protect them against data breaches. Both MSPs and MSSPs can help lift the pressure from internal teams and enable access to additional resources and professional expertise.

Managed security services offer a systematic approach to managing ongoing cybersecurity efforts. Solutions can include 24/7 monitoring, firewall maintenance, automated updates and regular security audits. These solutions help ensure that an organisation mitigates any risks identified that could lead to a cybersecurity incident.

If a cybersecurity breach does occur, a managed security service can offer fast remediation solutions. These can include failover data services, restoring sessions from remote backups, and removing intrusive malware from the network infrastructure.

These services also remove the security burden from in-house staff, letting them focus on their core responsibilities.

Benefits of managed security

Before committing to a specific cybersecurity arrangement, organisations need to consider their unique requirements. These can include industry-specific requirements, data protection laws, and any other relevant guidelines.

Some benefits include:

  • Predictable security costs allow for better budgeting.
  • Freedom to focus on core business activities.
  • Access to extensive cybersecurity knowledge and task-specific solutions.
  • A single point of control for resolving cybersecurity issues.
  • Improved detection and resolution of existing vulnerabilities.
  • Increased action-oriented insight can reduce alert fatigue.
  • Improved scalability and utilisation of security resources.
  • Dedicated staff help ensure fast response times.

It’s also a good idea to consider how the benefits of a managed security service fit in with its operations, outcomes, and strategic goals. If you need help with managing you cybersecurity – or if you’re not sure what measure fit your needs – a cybersecurity assessment can help get you started.