Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach

 

Small trade businesses are on high alert following a significant data breach at Total Tools, a major Australian hardware retailer, which exposed sensitive information of over 38,000 customers. This breach compromised customer names, credit card details, email addresses, passwords, mobile numbers, and shipping addresses, making small trade businesses potential targets for secondary cyberattacks. 

The CEO of the Council of Small Business Organisations Australia (COSBOA), Luke Achterstraat, emphasized the importance of heightened vigilance for businesses, especially those in the construction and trades sector, as they face increased risks of cyber threats. Achterstraat urged all businesses with online hardware accounts to monitor for any unusual activity in the coming days and weeks. He stressed the importance of protecting sensitive data, finances, and client information from potential scams and fraud. COSBOA recommends that businesses immediately review their security protocols, change all passwords linked to Total Tools accounts, and enable two-factor authentication where possible to minimize the risk of unauthorized access.

To further support small businesses, COSBOA is promoting the Cyber Wardens program, a free eLearning initiative funded by the Federal Government. This program is designed to help small businesses and their employees fortify their digital defenses against cyber threats, equipping them with the knowledge to identify and prevent cyberattacks. COSBOA has partnered with industry bodies such as the Master Builders Association, the National Timber and Hardware Association, and the Master Grocers Association to ensure that small businesses across Australia have access to the necessary resources to safeguard against cybercrime. 

With cyberattacks on the rise, especially in sectors like construction and trades, small businesses must stay informed and prepared. Hackers often exploit vulnerabilities in these industries due to the valuable data they handle, such as payment information, client details, and supplier contracts. Therefore, investing time in employee training and implementing cybersecurity best practices can significantly reduce the risk of future breaches. The recent data leak at Total Tools serves as a critical reminder that even trusted suppliers can fall victim to cyberattacks, putting customers and affiliated businesses at risk. As more companies move toward digital solutions, the importance of cybersecurity can’t be overstated. COSBOA’s efforts, through the Cyber Wardens program, aim to create a more secure environment for Australia’s 2.5 million small businesses, ensuring they are well-equipped to tackle the ever-evolving cyber threats. 

In addition to joining cybersecurity programs, businesses should regularly update software, employ strong, unique passwords, and back up essential data to reduce the impact of potential breaches. By taking these proactive steps, small trade businesses can enhance their digital security, ensuring they remain resilient against future cyber threats.

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.

Australian SMBs Face Challenges in Cyber Security


The internet has turned into a challenge for small to midsize businesses based in Australia. In addition to the difficulty of implementing innovative technology quickly and with limited resources because of the rate of invention, they also face the same cyberthreats that affect other organizations. And because 60% of SMBs close following a breach, companies that are breached are likely to fail later.

This has raised concerns among regulators.

According to a recent report by ASIC, ‘medium to large’ business firms have recently been reporting severe cyber security capabilities in comparison to other organizations, including supply chain risk management, data security, and consequence management.

In response to the aforementioned threats, the Australian government has announced an AU $20 million package to boost small businesses. An optional cyber "health check" program is being established as part of this to assist small business owners in assessing the maturity of their cyber security. A Small Business Cyber Resilience Service, which will offer a one-on-one service to assist small firms in recovering from a cyber assault, will also receive $11 million of the package. 

This initiative will focus on areas where SMBs are the most vulnerable. However, small firms will also need to take it upon themselves to place far greater emphasis on resilience than they have been doing in the face of growing cyber threats.

The Risk in Numbers 

The ASIC research analysis found that small businesses are only slightly more effective than half of their medium and big counterparts in several areas, such as identifying threats and overcoming them.

Significant percentages of small businesses:

  • Do not follow or benchmark against any cyber security standard (34%).
  • Do not perform risk assessments of third parties and vendors (44%).
  • Have no or limited capability in using multi-factor authentication (33%).
  • Do not patch applications (41%).
  • Do not perform vulnerability scans (45%).
  • Do not have backups in place (30%).

The Cost to Small Business

The Annual Cyber Threat Report 2022-23 published by the Australian Signals Directorate reveals that the average cost of cybercrime has increased by 14% over the past year. Small firms paid $46,000, medium-sized organizations paid $97,200, and bigger enterprises paid $71,600.

Of course, that is a financial burden for any business, but it seems to be especially harmful for SMBs. Approximately 60% of small firms that experience a breach ultimately go out of business as a direct result of it.

These organizations face a real existential threat from cyber security. Even those who manage to escape the breach's direct costs still have to deal with the harm to their reputation, which can cost them partners and customers as well as short-term cash flow. In the best-case scenario, a cyberattack "just" prevents the small business from expanding and growing.

What can Small Businesses do? 

After identifying the restrictions on resources available to small businesses, the ASD and Australian Cyber Security Centre have designed the Essential Eight, a set of best practices for security and small enterprises. These are as follows:

  • Creating, implementing and managing a whitelist of approved applications. 
  • Implementing a process to regularly update and patch systems, software and applications.
  • Disabling macros in Microsoft Office applications unless specifically required, and training employees not to deploy macros in unsolicited email attachments or documents. 
  • Securing the configuration of web browsers to prevent harmful content, hence hardening user applications. Keeping browser extensions up to date and only using those that are required.
  • Restricting administrative privileges to those who need them. 
  • Configuring operating system patching through automatic updates.
  • Using strong, unique passwords and enabling multi-factor authentication. 
  • Isolating backups from the network and performing daily backups of important data.