Small business takeaways from the ACSC’s 2020 cyber threat report

Last week the Australian Cyber Security Centre (ACSC) released their Annual Cyber Threat Report for 2019/2020, outlining recently reported cybersecurity incidents and trends involving Australian organisations. This report has been published most years since 2015 in conjunction with the Australian Federal Police, the Australian Criminal Intelligence Commission and the Australian Signals Directorate.

It was good to see this year’s report now breaks down incidents by company size. This helps to highlight the fact that small businesses and sole-traders are just as often the victims of cyber incidents as large enterprises and Government organisations.

Unfortunately, the number of cyber incidents related to ‘Exfiltration or deletion/damage of key sensitive data or intellectual property’ for small organisations and sole traders is higher than that of any other category. This is no surprise, given recent increases in ransomware, where cybercriminals have begun to take copies of data before encrypting it. Small businesses are less aware or well-equipped to identify and manage ransomware, and will often pay to make the problem go away or avoid reporting it.

The ACSC has assessed ransomware as the biggest threat this year. This is largely due to the devastation it causes and low cost of entry for cybercriminals. Cybercriminals will research businesses and networks they’re targeting, often also attacking backups to maximise damage and increase the likelihood of getting paid.

Reminding your team to keep an eye out for suspicious activities can help you spot these types of attacks before they cause any serious harm. Cynch recently shared insights into how ransomware attacks occur and what can be done to protect small businesses with their members.

‘Low-level malicious attacks’, where no sensitive data was lost, were also noted as common amongst small and medium businesses in this year’s report. This includes things such as targeted probing by criminals looking for ways into a business. Many small businesses would be familiar with these types of attacks with a growing number of emails trying to get you to give up your password or click on a dodgy link finding their way into your inbox. Cybercriminals are always looking for ways to catch people out and unfortunately stressed small business owners are seen as juicy targets. Over the last 6 months, there has also been a huge increase in COVID-19 themed scams in particular, as our need to stay up to date has become an effective way of catching us off guard.

It’s likely that another reason for the significant increase in incidents is as a result of larger corporates tightening security, making smaller businesses an easier target for cybercriminals.

According to the report, last year saw a cybercrime reported every 10 minutes to Report Cyber, ACSC’s online reporting tool. With businesses having gone through massive digital changes this year, these numbers are likely to be eclipsed in the coming year.

To avoid your business becoming another statistic, start a discussion today with your team about what you’re doing about cybersecurity and look for ways to start building cyber fitness.