Research shows that when it comes to SME cybersecurity, the smaller the business, the greater the degree of apathy. However, no organisation is “too small to target”. For cyber-criminals, size truly doesn’t matter.
The recent spate of attacks on small to medium-sized businesses in Australia is a perfect case in point. The latest AlphaV (a.k.a. Black Cat) cyber-attack targeted Core Desktop, and ultimately its customers. Pathology company TissuPath, real estate agency Barry Plant, law firm Tisher Liner FC Law, and owners’ corporation service provider Strata Plan (all customers of IT service provider Core Desktop) suffered attacks after Core Desktop’s cyber-defences were hacked. It’s reported that the hack on Core Desktop itself was via a simple phishing attack.
But it seems that TissuPath may have suffered the most pain, as AlphaV claims to have stolen a whopping 446 GB and 735,414 files of unencrypted sensitive health and patient data, which it plans to release on the dark web.
Although the sizes of the now infamous Optus, HWL Ebsworth, Medibank and Latitude Financial data breaches (unencrypted data) make this latest AlphaV effort pale into insignificance, the implications of this more recent attack are nonetheless very significant. All involved are small to medium-sized businesses (SMEs).
If data is deemed to have value, no matter what the organisation’s size, cyber-criminals will target it. Size does not matter.
Like Australian cyber agencies, the UK government and its cyber agencies have warned all businesses they may be targets and highlighted that SME cybersecurity should be a priority, and that smaller organisations must assume they will be included on cyber-criminals’ lists.
The irony is that Core Desktop’s 2017 blog archive includes a valuable piece of security information for small businesses: “Could your business be a target for hackers?”
Cybersecurity, like ‘accounting 101’, is a fundamental business skill today. No business can afford not to have (or source) expert cyber-defences and data protection. Whatever defences may be in place, there must also be an assumption that cyber-criminals may penetrate them – requiring that all sensitive data be encrypted.
Useful links:
BLOG: UK Survey Highlights Cybersecurity Apathy Amongst Smaller Businesses