Cyber-attacks are on the rise. This is true for individuals, but especially for businesses. When COVID-19 sent the world into lockdown, we turned to platforms such as Zoom and Teams so we could continue working. Due to this, cybercriminals took advantage of the influx of online activity.

Ransomware attacks

During the past several years, ransomware attacks were one of the more popular attacks used by hackers. These are generally motivated by financial gain, where the hackers gain access to a network or system and extract sensitive information. They will then demand money from the victim, in return for unencrypting blocked computers or releasing stolen data.

Of the businesses that were hit by ransomware attacks, 54% paid the ransom. Of those that paid, 76% received their data back, while 24% did not. Furthermore, reports show that SMEs are especially at risk of these attacks, with 71% of ransomware attacks targeting small businesses.

Other types of attacks

There are a lot of ways hackers can gain access to your data. Some of the most common include:

• Phishing attacks – when an attacker pretends to be a trusted contact and encourages the user to click a malicious link, download a malicious file or give them access to sensitive information.
• Malware – software that hackers use to gain access to your computer, which in turn harms your system or network, allowing them to steal data, hold your computer to ransom or install other programs without your knowledge.
• Denial-of-service (DoS) – these attacks flood a system’s resources. This overwhelms them, reducing their ability to perform and is often a prelude to another attack.

Of course, there are many more types of attacks, but what are these cybercriminals trying to achieve and who are they? From businesses, hackers are looking to access things such as business financial data, client lists, customer financial data, login credentials and IT infrastructure access.

Often, we assume these criminals are attacking from the outside, and of course, that is often the case. Organised criminals, professional hackers and amateur hackers are all threats; however, we need to also recognise threats can come from the inside. Some threats can be unintentional, such as employees being careless of policies and procedures, however, others can come from disgruntled employees, business partners, clients, or contractors.

Along with the obvious loss of data, cyber-attacks on Australian businesses cost an average of $276,000 per attack. With cyber-attacks up 30% since the beginning of the year and 90% of those attacks being successful, businesses need to take a serious look at how they can protect their systems and data.

What is the best course of action?

The best thing any organisation can do is have in-house cyber security specialists. This has several benefits including improved response time to cyber-attacks and reduced costs associated with them. In-house specialists can also help you review your current policies and procedures and advise on how your organisation’s overall cybersecurity can be improved.

Instead of bringing in more people, upskill or reskill your current employees. As part of the 2022–23 Budget, the Australian Government announced that it will support businesses through an investment boost. Businesses with an aggregated annual turnover of less than $50 million will be able to deduct an additional 20% back in tax for every dollar spent on training.

How do you find the right person?

CTIA has a skills test to help identify if a person has the skills that will allow an individual to excel in cyber security. We all have someone in our organisation, that is flying under the radar, with the right mindset, mental skillset, and ambition, to venture into a career in Cyber.

Amanda had been a stay-at-home mum for ten years, and only re-entered the workforce this year. With a background primarily in administration but an interest in tech, she took the pre-program assessment for fun and was identified as being the perfect candidate to reskill in cyber security. After discussing her options with her employer, both parties decided that they would nurture Amanda’s interest and natural talent and enrol her in CTIA’s Cyber Security Analyst program.

Once she has completed the program, she will be equipped with a Certificate IV in Cyber Security, along with the skills necessary to become their in-house specialist. Not only is this a great opportunity for both employer and employee, it’s also a benefit for the industry at large. While we continue to struggle with the skills gap and diversity in the workforce, every person we can encourage into the space will boost the industry.

Don’t take your current employees at face value. Find out where their interests lie and use that to give an advantage to both the individual and to your organisation.