Dynamiq CEO Jarrod Wilson
Falling for email scams is becoming the most costly mistake made by companies around the world.
Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus—and they’ve only proliferated since.
The World Economic Forum notes attackers are using COVID-19-themed phishing e-mails, which pretend to deliver official information on the virus, to lure individuals to click malicious links that download Remote Administration Tools on their devices.
There has also been more than 100,000 new COVID-19 web domains created, which should be treated with suspicion.
Phishing is a social engineering attack used to steal user data and gain access to vital systems, login credentials and credit card numbers. It happens when an attacker, acting as a trusted entity, convinces the victim to open an email, instant message, or text message.
With so many of us now working from home with unsecure Wi-Fi or vulnerabilities in Virtual Private Networks, scammers are capitalising on the confusion and increasing the size and scale of their cyber attacks.
Scam Watch ranks phishing as the number 1 reported scam in Australia. There has already been more than 5,343 reports this year.
While once cyber risk and IT security were the domain of the IT professional, it’s now a significant business risk which needs to be addressed by both business leaders and the board.
Many business leaders don’t realise the biggest cost of a data breach is not the breach itself, but the business disruptions that occur because of it. IBM has listed the biggest cost factor in a data breach as ‘Lost Business’, which accounts for 36 per cent of the entire breach cost. This cost is greater than detection, escalation, post breach, and notification costs.
Why companies are neglecting cyber risk
More than half of Australian organisations have no cyber security governance in place, found the recent Security In Depth survey of nearly two thousand businesses. Some 38 per cent did not provide any cyber awareness training to staff, despite 71 per cent of breaches being the result of human error and 90 per cent beginning with an email. The survey also found 63 per cent of companies “have no idea” how to respond to a cyber incident.
With so little cyber security oversight, it’s no surprise Australia had become a testing ground for hackers trying new kinds of malicious software.
Turning the ship around
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed Strategies to Mitigate Cyber Security Incidents. The strategies focus on governance and response and cover cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
ACSC said, “Prior to implementing any of the mitigation strategies, organisations need to identify their assets and perform a risk assessment to identify the level of protection required from various cyber threats.”
We’ve been working within these mitigation strategies to develop Qantian for our clients. It’s a cyber resilience program which identifies cyber risks, quantifies the severity of the risks, and provides solutions to address the risks. In addition to improving governance and response capabilities, Qantian has a strong focus on people risk management with industry-leading education, awareness and testing programs.
How the resilience program works
Identify risk – Our online risk assessment uses data insights and analytics to identify the gaps in protecting your data assets.
Quantify risk – An output report tells you exactly how vulnerable your business is. You get a percentage risk score for three key risk pillars of people, process and technology.
Solution exploration – Our consultations help you find the right solutions for your business based on the identified risks. That way, you are not throwing wasted dollars towards solutions you don’t need.
Supplier selection – We make it easy to find the right supplier. We’ve partnered with tried-and-tested providers who understand the budget constraints of small and mid-sized organisations.
Managing cyber risk shouldn’t have to be such as complex task. Our consultants have spent the hundreds of hours up front to develop Qantian so you can quickly identify your vulnerabilities and start working to fix them.