What could you do in 39 seconds?
Pay your credit card bill?
Text your mother?
Set your fantasy football lineup?
Hack into an unsuspecting company?
Scratch that last one, but given how rife cyber attacks are, it is likely to be an item on someones "to do" list.
Because every 39 seconds - on average- there is a hacking attack, according to research conducted by the University of Maryland.
Cyber Crime is massive and it's not going away.
We hear a lot of cyber attacks like hacking and stolen data. But the true scale of the cyber crime industry will blow you away. The cyber crime industry is estimated to be valued at AUD $2.2 trillion.
Put that into perspective and compare it to an actual tangible industry - like the Australian mining industry between 2017-2018 - where products like coal, iron ore, and gold, were valued at approximately AUD $1.8 trillion by the Australian Bureau of Statistics and you can see how big and profitable cyber crime actually is.
According to the 2019 investigations by Verizon, 43% of breaches involved small businesses as victims, where the organisation has less than 250 employees. You may question why small businesses are targeted. Probably for a couple of reasons:
- Small businesses usually don’t prioritise their cyber security, and are therefore more vulnerable.
- Small businesses have links to bigger business. One of the lesser talked about issues is that if a smaller business is compromised, it can also compromise other companies they work with. In fact, an attack on a small company could lead to an attack on their partner companies through the stolen data. In 2013, a refrigeration company was compromised by attackers, allowing the hackers to steal credentials that led to the huge hack on the company, Target.
Apart from the obvious issues of stolen data, one of the other most damaging elements from a cyber-attack is the downtime of assets like computers, servers and even printers. For asset intensive industries like mining, to be hit with a cyber attack could be so detrimental, that it could cause massive safety implications as well as the companies operations to cease. We have an article discussing how to increase asset up-time and reliability here.
Downtime for a mining company can result in reduction of safety, and losses of hundreds of thousands, or even millions of dollars. So if a company was hit with a crippling attack that turned their network off for hours and would take days to fix, the safety issues that could result and the amount of money involved in the clean-up of the attack could be crippling.
3 Things you can do to help prevent a Cyber Attack
Some things a company could do today to be on the path to better security practices are:
1. Revise cyber security standards and policies
By improving standards and applying policies, it lowers the cyber-attack risk to a business. That may sound trivial and obvious but 41% of companies have over 1000 sensitive files open to everyone in the company, and 65% of companies have over 500 users with passwords that don’t expire. Improving cyber security standards may sound obvious, but the real fact is that these standards and policies either aren’t there to begin with, or are poorly implemented.
2. Review employee use and access controls
Ensuring that proper access controls are in place for sensitive file is a major area that many companies could fix now. Abuse of privileges could result in crippling outcomes for a business and something that many organisations could improve.
3. Provide workshops and training to employees to educate on potential attacks and how to avoid
One of the major root causes of cyber attacks stems from lack of knowledge from employees. It is critical to provide workshops and training to employees to expose them to the kinds of attacks that are commonly instigated, like phishing emails or malicious software downloads, and ensure they are aware of what to look for, who to inform and how to proceed in the event of an attack.
Andy Lu, Cyber Security Intern, Denver
My name is Andy Lu, I am in my third year, currently completing a Bachelor of Science (Cyber Security) at Edith Cowan University. At present I am interning at Denver, as part of ECU’s Work Integrated Learning (WIL) program. At ECU I have learned a plethora of things and have been involved in university life. However, I found that I thrive and learn the most by applying newly learnt ideas -this is why the work placement program is such an amazing experience.
At Denver, I have been exposed to many concepts and learning experiences that I would not have had at university. I am able to work with and see corporate level equipment and networks that weren’t truly conceptualized in academic learning. The program is hands-on, and I am able to work on real-life systems and with real clients, something seldom found in a theoretical environment. I find the experience is invaluable. Through this program I have been able to apply my academic knowledge, and fortunate enough to have the resources to do so. I have found the Denver team to be a wealth of expertise and are so happy to give feedback and guidance. I am grateful to have a mentor working in the industry to guide me and share their knowledge.