Is your business vulnerable to these common security threats?
With October being Cyber Security month, it’s a timely opportunity for businesses in Aotearoa to check in on their own security measures and performance.
Threats are always evolving, so there’s no room for complacency when it comes to business security. In fact, according to CERT NZ’s recently released Quarter 2 report, ransomware incidents have more than doubled from the previous quarter, despite overall increased vigilance and awareness.
To help you understand where you may need to tighten up your IT security, here’s an overview of the biggest threats impacting New Zealanders, and some steps to take to keep your business safe.
The big threats
Of the 1351 incidents reported to CERT in Q2 2021, the most common threat was phishing and credential harvesting (618), followed by scams and fraud (390) and unauthorised access (171). Reports of ransomware also continue to rise, with 30 reported for the quarter.
Ransomware enters your system through a weak spot - potentially out-of-date software, weak passwords or via a malicious link or document in a phishing email - and encrypts files, preventing them from being accessed or read. A ransom is then demanded in return for the stolen data. While ransomware attacks are financially motivated, most don’t result in direct financial loss. Recovery of data, and the loss of time and resource involved in that recovery, however, can be significant.
The best thing you can do to ward off these threats is to take a proactive approach to prevention. We recommend:
Keeping your operating system and apps up to date.
Backing up files regularly, and using trusted cloud-based storage.
Installing anti-virus software and firewalls.
Establishing robust cybersecurity policies.
Implementing a strong password policy and two-factor authentication.
Providing regular training and updates to staff, particularly with regard to remote working policies.
Want to know more? Take a look at this previous blog, with information on ransomware, how to prevent an attack and what to do if you’re hit by an attack.
What makes your business a target?
Accessible internet-enabled devices and platforms leave you open to these kinds of attacks. CERT’s most commonly reported vulnerabilities are websites or web servers, followed by applications or software. These vulnerabilities are exploited by attackers in order to access data or damage a system.
This is where long, strong and unique passwords are your first line of defence. The harder they are to guess, the longer it takes an attacker to access your account and the more likely they are to give up. Avoid using preconfigured usernames and default passwords on devices, and use a password management tool to help keep your unique passwords safe. The default password storage built into your browser doesn’t necessarily have the same level of security or encryption as a dedicated password manager.
Double down on your defence by adding two-factor authentication, which requires users to provide a secondary form of authentication (received via an app or SMS) in order to access a platform or device. It is also referred to as multifactor authentication or MFA, and we recommend making it a mandatory requirement on all systems that support it.
For more, have a read of this blog, where we have put together our password security tips and recommendations for stronger password policy.
The potential impacts
CERT reports that direct financial losses totalled $3,885,244 in Q2, increasing 28% from $3,038,426 in Q1 2021. While that’s significant, financial loss isn’t the only impact that cyber threats can have on your business.
Reputational loss, data loss, operational impacts and technical damage are all equally damaging to a business, no matter the size. Financial costs also come in the form of time and resource lost, and in the contracting of IT security services for recovery and to implement more secure systems.
Recent attacks have seen some well-known Kiwi business names in the headlines, including large financial institutions Kiwibank and ANZ, along with New Zealand Post, Inland Revenue and MetService, all of which experienced digital blackouts. It goes to show that despite the extensive security measures these organisations have in place, attacks are getting more and more sophisticated.
Unfortunately, recent lockdown restrictions have given criminal groups motivation to attack when businesses are potentially more vulnerable. Remote working employees can expose you to more risk. Regularly auditing and evaluating your security risk can help mitigate exposure to these threats and the potential for significant loss. If it’s time you checked in with how your business is tracking, we can help. We’ll run your systems through our risk assessment, and help ensure you have the right policies in place to keep your business as protected as possible. Get in touch to chat more.