Australian small businesses are most at risk of ransomware attacks because they sit at the juncture of money and vulnerability.
To date only 12 Australian businesses have been hit by the global ransomware WannaCrypt and WannaCry. Unsurprisingly the victims were all small businesses.
While Australian businesses seemed to largely avoid the chaos, both the government and experts have warned small business lacks the resources and knowledge to ward off cyber crooks.
"Wake up call" for small and medium business
Australian Chamber of Commerce and Industry chief executive James Pearson said while big companies and the government understood the threat of cyber attack, many small businesses did not fully appreciate the problem.
"Often the people running them aren't fully aware of the risks and don't have the tools available to mitigate them," he said.
"I hope that the publicity given to this latest ransomware attack will be a wake-up call for small and medium businesses across the country."
Why small business is targeted
“Small businesses are frequently a more appealing target for ransomware because they sit at the juncture of money and vulnerability. They frequently have more money than individuals, but being small businesses, they lack the more sophisticated defenses that larger business have. - Ryan Olson, director of the Palo Alto Networks Unit 42 cybersecurity threat intelligence team.
“These attackers have also learned that the most profitable method is to hit many small businesses with low ransom demands—usually $300 to $2,000. Even small businesses can generally afford to pay those amounts.” — Eric Hodge, director of consulting, IDT911 Consulting
What can small business do?
"It's sad because most small businesses can't really afford to lose $300 or $500 to a hacker, but it is happening all over Australia, more often than you might believe.
"I often meet small business owners who have only made contact with VoicePlus because they have already been the victim of ransomware, and don't want a repeat attack."
To avoid being caught is simple, says Cutugno.
- Never open an attachment or click on links in e-mails, if you do not know the source.
- Use a browser extension that detects websites that are malicious.
- Use security software and a firewall.
- Back up your data every day. This enables businesses to recover files prior to ransomware setting in.
Small business can not afford to spend thousands on network security, but also can not afford to do nothing. VoicePlus has inexpensive solutions designed specifically for small business including threat monitoring.
Investigating why Australia was spared
The Prime Minister's Cyber Security Advisor Alastair MacGibbon and officials from the Australian Cyber Security Centre have launched an investigation into how Australia avoided the worst of the attack, which hit 200,000 companies and organisations in 150 countries by locking computers and holding users' files for ransom.
"We may have dodged a bullet this time but rest assured there will be another bullet we'll have to dodge in the future," Assistant Cyber Security Minister, Dan Tehan, told The Australian Financial Review.