How hackers can ransom Southern Downs businesses
ABOUT 1900 Southern Downs businesses risk being held to ransom by greedy hackers because of lax computer system security, experts say.
A new report by BDO Australia and AusCERT shows 48% of small and medium enterprises do not conduct regular cyber risk assessments, leaving them open to technology-based crimes.
Based on the 2016 Cyber Security Survey findings, this means at least 1940 of the 4042 Southern Downs businesses could be in the firing line.
The biggest risk to our businesses is ransomware, with new research by virus software company Kaspersky Lab showing the attacks rose from one every two minutes to one every 40 seconds in Australia over the past 11 months.
Ransomware - or cryptolock - hacks usually happen when an unsuspecting email recipient opens a message purporting to be from reputable and trusted big name organisations such as Australia Post.
Unwitting recipients will click on a link that results in malicious software being installed on, and crippling, their employer's computer system.
Unprepared businesses can be forced to pay a ransom to have their data released.
The ransom will increase depending on the type and amount of data on the business's server and it is always paid in untraceable bitcoins.
One bitcoin is worth about $1000.
BDO cyber security national leader Leon Fouche said small business operators such as clothing retailers, health services and private education providers were more likely to pay the ransoms because they could be significantly cheaper than upgrading their security systems.
Mr Fouche said there was no guarantee the cryptolocker would not block the business's system again and there was also an increased risk of sensitive client information being stolen.
"Ransomware is such an easy way to actually get into organisations' environments because it exploits vulnerabilities and it can be done on a wide scale," Mr Fouche said.
"The hackers don't charge a lot of money for the ransom so it's probably easier for people to pay."
Warwick technology expert Anthony Viola said ransomware was a major problem, as were phishing attacks in which people phone seeking access to a business's computer so they can install software that helps them steal bank account and other information.
Mr Viola said businesses needed daily data backups and clear instructions for all staff to avoid clicking on unexpected email attachments or links.
"The only way to protect yourself is to be careful with what emails you open and if someone calls from your bank or from Microsoft asking to access your computer, just hang up," the Warwick Computer Service owner said.
"Ask yourself 'When is the last time my bank called me concerned about my bank account? Or when was the last time Microsoft wanted to know how my computer was?'."
Phishing - where hackers access systems to obtain usernames, passwords, credit card details and other information - is a common attack, as is the release of system-crippling malware or Trojan infections.
- ARM NEWSDESK
The percentage of cyber attacks on Australian businesses in the 2015-16 financial year, by attack type:
- Ransomware: 22.1%
- Phishing/targeted malicious emails: 18%
- Malware/trojan infections: 17.3%
- Denial of service attack: 9%
- Email addresses or website blacklisted: 5.5%
- Data breach: 5.2%
- Loss or theft of confidential information: 5.2%
- Theft of laptops or mobile devices: 3.8%
- Unauthorised access to information by internal user: 3.8%
- Unauthorised access to information by external user: 3.5%
- Brute force attack: 2.8%
- Website defacement: 2.4%
- Unauthorised modification of information: 1.4%
Source: BDO Australia/AusCERT 2016 Cyber Security Survey of 420 Australian businesses.