Cyber Risk - A serious threat to your business
01 July 2020
On June 19 2020, Scott Morrison announced that Australia was under attack – under a sustained cyber-attack. According to the Australian Cyber Security Centre (ACSC), “The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.”
Cybercrime is a real threat to businesses and organisations of all sizes and can cost you millions. We urge you to take the time to understand the risk to your business and how you can be proactive in managing this risk.
- Cyber attacks occur in large, medium and small businesses - no business is safe.
- Virus, ransomware and malware attacks are the most common, and they often bring the entire network down and leave the business unable to operate.
- Cyber attacks result in IT expenses, restoration costs to repair systems and loss of revenue.
- It is now mandatory for organisations subject to the Privacy Act to report eligible breaches. Failure to do so can result in financial penalties of $420,000 for individuals or $2.2 million for companies.
The scale of recent cyber attacks in Australia
Lion – The trans-Tasman dairy and beverages company was hit by a ransomware attack on June 9, forcing it to shut down its key IT systems. There was a concern that all of its documents had been posted online.
Toll Group – The logistics group was targeted a second time on May 5, when ransomware attacked its commercial and employee data, forcing it to revert to manual processes for parts of its operations. Up to 1000 of its servers were affected by ‘Mailto’ ransomware at the end of January, affecting staff worldwide. The company refused to pay the ransom.
BlueScope Steel - BlueScope said that on May 15 its IT systems were affected by a cyber incident, affecting its manufacturing and sales operations in Australia.
Talman Software - The software used by more than 75 per cent of the wool industry in Australia and New Zealand was attacked, encrypting files with the trading database. The February incident halted wool sales across the country.
Source: The Australian, June 20-21 2020.
ACSC identified two key mitigations which, if implemented, would have greatly reduced the risk of compromise.
- Prompt patching of internet-facing software, operating systems and devices. All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available. Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally, organisations should, where possible, use the latest versions of software and operating systems.
- Use of multi-factor authentication across all remote access services. Multi-factor authentication should be applied to all internet-accessible remote access services, including:
  - web and cloud-based email
  - collaboration platforms
  - virtual private network connections and
  - remote desktop services.
ACSC also strongly recommends the implementation of what they call ‘The Essential Eight’. You can download this document here.
Can you insure against cyber attack?
Yes, you can. There are two types of cover available to businesses.
Cyber Liability & Privacy Protection
The insurance covers:
- Your liability to third parties from a failure to keep data secure, such as claims for compensation by third parties, investigations, defence costs and fines and penalties from breaching the Privacy Act.
- The costs incurred to respond to a breach, such as IT Forensic Costs, Credit Monitoring Costs, Public Relations Expenses and Cyber Extortion Costs (including ransom payments to hackers).
This insurance provides reimbursement for the Insured's loss of profits resulting from a cyber attack or data breach, as well as any additional necessary expenses it may need to incur to continue business as usual.
Call Austral's team today to find out how we can help you manage your risk and insure against any cyber attacks.