No, you weren’t imagining it – 2021 really was a cybersecurity nightmare for many Australian businesses. Proofpoint’s 2022 State of the Phish report has just been released and boy is it a shocker.
It examined responses from 600 information and IT security professionals and 3,500 workers in Australia, the US, France, Germany, Japan, Spain, and the UK.
The report put facts and figures behind what many business owners already suspected – cyber-attacks increased in 2021 with 78 percent of businesses experiencing email-based ransomware attacks and 77 percent facing business email compromise (BEC) attacks. That’s an 18 percent increase from 2020!
Attacks in 2021 also had a much wider impact than in 2020, with 83 percent of surveyed businesses revealing they experienced at least one successful email-based phishing attack, compared to 57 percent in 2020. Additionally, more than two-thirds of businesses said they dealt with at least one ransomware infection originating from a direct email payload (for example, impersonating an executive or vendor compromise/conversation hacking), second-stage malware delivery, or other attacks. The year-over-year increase remains steady but shows the challenges businesses faced as ransomware attacks surged in 2021.
While cybercriminals still target technical vulnerabilities within your systems, it’s clear that they are now more focused than ever on compromising your employees.
So, with the rise of hybrid work and work-from-home arrangements, it’s important to prioritise regular cyber security training and create a culture of security within your business.
One example is training on basic Wi-Fi network security, as 97 percent of surveyed employees said they have a home Wi-Fi network, but only 60 percent said their network is password-protected. This creates a considerable risk for your business and bottom line.
As many scams happen via online transactions, it’s a good idea to collaborate with your bank to implement more security controls for online banking.
Out-of-band authentication is a popular solution: a transaction initiated via one delivery channel, like the internet, must be re-authenticated or verified through an independent delivery channel, like a phone call, before it can be completed.
In conclusion, cybercriminals aren’t going anywhere and, in fact, they are getting smarter. As a business owner, it’s important to stay up to date with technology and training that protects your business and your staff.
If you’re not sure where you stand in terms of cyber security, get in touch with us on 08 8354 6700 or email us to get started.
*Sources – Proofpoint – 2022 State of the Phish report