Cyber Vigilance Update

Today’s Connection

Office Alert

Check then Click.

One quick Click can cost your business big!!

It has recently been revealed that the costs of email-based attacks to businesses in Australia and around the world run into millions per year.

Email is a trusted and vital communications channel, which unfortunately makes it an attractive target for cybercriminals. It is expected that email-based attacks will become increasingly sophisticated, leveraging AI and advanced social engineering as attackers attempt to obtain the data or access they want and to evade security measures.

A 2022 survey of 1,350 participants from Australia, Europe, the US, and India found that three-quarters of all organisations polled were impacted by a successful email attack, and the costs are alarming.

The scope and monetary cost are daunting. A single email attack can cost an Australian business on average $1.4 million, a sharp increase from 2021. This average is obviously driven up by the significant impact of high-profile attacks on big business, whilst numerous small businesses are simply forced into liquidation by the sheer scale of the impact. The figure is very similar globally, with 80% of respondents reporting that the cost of an attack had risen since 2021.

Monetary cost aside, the other impacts are wide-ranging and just as serious. Nearly half of Australian businesses reported disruptions to their day-to-day operations and a drop in productivity from employees, and they felt the breaches caused damage to brands and reputations.

The effects of these email attacks can vary between industries, with finance businesses facing a loss of data and money whilst healthcare cited the high cost of recovering their brand reputation and sales volume after an attack.

It was noted that many companies felt they were not prepared to handle malware or data loss, and many felt that the rise in working from home during and since the pandemic had increased the risks associated with email attacks. Companies with more than half their workforce working remotely were found to be more likely to be attacked.

What can you do?

  1. Be cautious of emails from unknown senders, especially if they ask you to click on a link or download an attachment.
  2. Don't click on suspicious links in emails, that is, don’t click unless you are sure that they are legitimate. Hover your mouse over the link to see where it leads before clicking.
  3. Verify the sender's email address to make sure it is legitimate. Attackers often use fake email addresses that look similar to the real ones.
  4. Use strong passwords for your email accounts and don't use the same password for different accounts.
  5. Enable two-factor authentication for your email accounts to add an extra layer of security.
  6. Keep your software and operating system up-to-date with the latest security patches and updates.
  7. Be wary of emails that pressure you to act urgently, especially if they ask for sensitive information like your password or credit card details.
  8. Use spam filters to block unwanted emails from known phishing sites.
  9. Educate yourself on the latest phishing techniques and stay up-to-date on the latest security news.

A growing awareness and understanding of email risks and the types of protection needed will be key in keeping organisations and their employees protected.

Home Alert

A scammer’s Thorn surrounds a rescuer’s Rose.

Give Wisely and Carefully.

We cannot be anything but horrified and saddened at the destruction and loss of life from the Syria and Turkey Earthquake. As if the local situation were not challenging enough, there are those who seek to exploit the situation for their personal gain.

While rescuers are still working through rubble in a desperate race to find survivors, there are real fears that scammers will take advantage of the disaster through donation scams and malware attacks.

The most common scam involves fake donation websites. Malware can also be disguised as video or images from the affected region.

These types of activities are not limited to international events. Following the recent flooding in New South Wales, a number of fake charities were created, along with a range of online scams using social media to solicit donations. 

What can you do?

A key approach is to stay away from charities you have not heard of. If you know people in Turkey and Syria, they may be the best sources for finding out how you can help, or you can reach out to known and credible charities.

Scammers may well also try to reach out to people from Turkey or Syria, using scam emails or phone calls to ask for money on behalf of friends and relatives. Social media contacts should also be scrutinised.

Lastly, scammers will be taking advantage of people with the best of intentions, googling for a way to help. Be careful of any results you find this way.

The unpredictability of natural disasters can mean a lag between the event and the scam, but this makes the impact of the scam no less dangerous.

People are strongly encouraged to be extremely careful and not to click on links or give out personal information such as bank details in response to random messages received via text or social media.

The efforts of all those helping people in need should be applauded and respected. They need our help, but we need to ensure we help them and not the scammers.

This week's Training module


Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022

Cyber Security Vigilance