
Cybersecurity: think your small company doesn’t need it? Think again 

The fallout from the recent Optus cyber attack and the ransom demands for Medicare last month continues. Tens of millions of Australians were affected, and many are still scrambling to prevent identity theft.

The cyber warfare against Australia is now so acute the Federal Government has set up a taskforce to tackle this serious and complex issue.

Cyber Security Minister Clare O’Neil declared the threat to the nation of cybercrime, including foreign interference, means governments and businesses need to work together to tackle the issue.

Minister O’Neil believes Australia is years behind where it should be and says the country is asleep at the wheel on cyber security.

Given recent developments, you might think this proves cyber criminals are only interested in major league companies. 

Well, think again. They target everyone, and that includes small businesses. 

When you think about computer hackers trying to get your information, many still envisage a lone wolf tech nerd sitting in his darkened room, tapping away on his keyboard. 

According to John Williams, Business Development Manager with Qbit IT Solutions, that couldn’t be further from reality. 

‘In Russia and China, where most big hacking organisations are, it’s big, big business,’ he says. 

‘These organisations have HR departments and social clubs, and they work out of multi-story buildings. They are the new crime underworld.’ 

Many find it hard to believe that the internet equivalent of the mafia would be interested in their small mining services business, but they are.

They aim to lock your IT systems, and you must pay a ransom, usually in cryptocurrency, to get your information back.  

According to John Williams, the cyber security efforts of many big companies mean hackers aren’t getting the multi-million-dollar payloads they used to, so they’re looking elsewhere. 

And Australia is their new happy hunting ground.  

‘These massive, international organisations are aware that compared to the rest of the world, Australian small businesses are dragging their heels regarding cyber security. 

‘So they’re now targeting those businesses with smaller ransom demands that will have a cumulative effect on delivering profits.’

John uses the example of a small Perth-based mining services company with a workforce of six people. 

‘I proposed several different cyber security programs. They knew they needed that but balked at the whole package deal. 

‘The owner said it was overkill and he didn’t need all that security.  

‘Five weeks later, he phoned. “Can you help me? Can you come and help me now? We’ve had a ransomware attack; they want $50,000 in bitcoin.”’

John told him to disconnect from the internet immediately. When he arrived and looked at what had happened, he found a small note-pad file attached to every piece of intellectual property right across the business, demanding a $50,000 bitcoin ransom.  

‘The first thing I asked was where’s your backup? He had backed up on a hard drive, but he’d already plugged it into his infected computer, so it also became infected.   

‘It took us thousands of dollars in remediation work to get him cleaned up and ready to go, and he was able to get his data back.’ 

So how do IT systems let in hackers? Unbelievably, the largest proportion of viruses and ransomware still comes in through people clicking on emails.

‘We can put email filtering in place, but unfortunately, that doesn’t pick up or cancel out everything,’ John says. 

‘These hackers are sophisticated and very good at tricking users. 

‘They may well send an email for you to log in to your account, you put in your password and once you do that, you’re giving them access to your email. 

‘Then when they’ve got your password and email address, they fire it at everything; Facebook, Twitter, Yahoo, banking apps, you name it. 

‘It takes just minutes for their script to run and they fire that combination at everything.  

‘And if you use the same email address and password combination, which many still do, you can be compromised.’ 

There are ways to protect yourself in-house other than using different passwords.

‘Make sure there are tools in place to block the hackers, like multi-factor authentication. 

‘When I log in to my computer in the morning, I put in my password, then a message is sent to my mobile phone, and I must accept it through my phone to get into my computer.’ 

John’s final advice is not to think you’re too small to be subject to a ransomware attack and always, always, back up your data.