The Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports during the 2021–22 financial year; working out to a cyber attack every 7 minutes. The financial impact on small and medium businesses was substantial with the average attack on a small business resulting in a loss of $39,000, whilst for medium-sized businesses the figure averaged $88,000 (ACSC Annual Cyber Threat Report 2021–22). Cybercriminals continue to devise ever more sophisticated ways to target small and medium-sized businesses targeting community concern and goodwill especially around natural disasters and at times like Christmas and tax time.
With cybercrime taking up a lot of media air time at present, this article will focus on what cybercrime means for small businesses, some of the fraudulent methods used, and what cybersecurity measures exist that can keep your business safe.
What is cybercrime?
The Australian Commonwealth Department of Public Prosecutions (CDPP) defines the term ‘cybercrime’ as both:
- crimes directed at computers or other information communications technologies (ICTs) (such as computer intrusions and denial of service attacks), and
- crimes where computers or ICTs are an integral part of an offense (such as online fraud)
What is a cyber attack?
The ACSC defines a ‘cyber attack’ as:
- a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability, or economic prosperity.
Evidence from the ACSC Annual Cyber Threat Report 2021–22 indicates that the threat of cybercrime on Australian individuals, businesses, and governments will only grow in number, sophistication, and impact.
What different types of cybercrime are there?
The Australian Competition and Consumer Commission (ACCC) has defined some of the more common and creative forms of cybercrime affecting small to medium businesses as captured in the table below:
| Threat Type | Definition & Method of Attack | |
| False Billing | False billing scams request you or your business to pay fake invoices for things like directory listings, advertising, domain name renewals or office supplies that you did not order. | |
| Overpayment Scams | Overpayment scams work by getting you to ‘refund’ a scammer who has sent you too much money for an item you are selling. | |
| Malware & Ransomware | Malware tricks you into installing software that allows scammers to access your files and track what you are doing, while ransomware demands payment to ‘unlock’ your computer or files. | |
| Phishing | Phishing scams target businesses or organisations in an attempt to get confidential information for fraudulent purposes. | |
| Online Shopping Scams | Online shopping scams involve scammers pretending to be legitimate online sellers, either with a fake website or a fake ad on a genuine retailer site. | |
| Investment Scams | Investment scams involve promises of big payouts, quick money or guaranteed returns. | |
Key Takeaway 1- Individual Australians lose more money to investment scams than any other because they are often hard to spot.
Cybersecurity Tip – Always seek independent legal advice or financial advice from a financial advisor who is registered with ASIC before investing.
Key Takeaway 2 – Small businesses are targeted more often with ransomware because they are usually unprepared to deal with ransomware attacks.
Cybersecurity Tip – ACSC advises to never pay a ransom. Paying a ransom does not guarantee your files will be restored, nor does it prevent the publication of any stolen data or its sale for use in other crimes. You may also be targeted by another attack.
What is cybersecurity?
Cybersecurity is the practice of defending your online technology and information (computers, servers, mobile devices, electronic systems, networks, and data) from malicious attacks and can be divided into a few common categories:
| Security Type | Definition |
| Network security | covers the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware. |
| Application security | focuses on keeping software and devices free from threats attempting to steal your information. |
| Information security | protects the integrity and privacy of data, both in storage and when you are attempting to send it online to a third party. |
| Operational security | includes the processes, decisions and user-level access permissions users have for handling and protecting data assets. |
| Disaster recovery and business continuity | define how an organisation responds to a cyber-security incident or any other event that causes the loss of operations or data. Business continuity is the plan the organisation falls back on while trying to operate without certain resources. |
| End-user education | Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. End-user education
addresses the most unpredictable cyber-security factor: people. |
Next Steps
In this article we explained how cyber attacks on Australian businesses are increasing each year, detailing some of the cyber threats that are out there and the kind of cybersecurity measures that can be implemented to mitigate them. In Part Two of this series of articles, we will cover the fundamental steps you can take to safeguard you and your business.
SG Advisory IT offers a suite of IT management services and technical supports designed to maximise and maintain your business’s cybersecurity. We work collaboratively with you to understand the needs of your business, match you with the security measures you need to protect your technology, data, resources, and finances, and provide you and your employees with ongoing support and training as required.
Contact SG Advisory IT today and let’s ensure you and your business are protected.