Search
Steve Schupp (right) with fellow Asterisk directors David Taylor (left) and Greg Roberts. Photo: Gabriel Oliveira

Cyber security a key risk

Low awareness of cyber security risks remains a key issue for the business sector.

Of all the topics that IT consultant Jawid Dadarkar raises with customers, cyber security is among the most common.

“This is one of my main topics of discussion,” Mr Dadarkar told Business News.

“A lot of small businesses are unaware of just what cyber risk is, and how much risk they face.”

(click here to view a PDF version of the full two-article special report)

As managing director of South Perth-based Lindentech, Mr Dadarkar has helped many small-to-medium enterprises deal with the issue.  

“I tell clients 95 per cent of your hacks are going to come from your own people; most hacks are caused by people with a loose password or clicking on a malicious link,” he said.

“I start by saying ‘you need to educate the people you’ve got’.”

Lack of awareness of cyber risk was one of the findings of an ANZ Bank research report, ‘The Digital Economy: Transforming Australian Businesses’.

It found 55 per cent of businesses have little or no knowledge about cyber attacks.  

It also found 5 per cent of SMEs had experienced a cyber attack in the past 12 months, with the average financial impact at almost $3,000.

Asterisk Information Security is a boutique consultancy established eight years ago with a specialist focus on cyber security.

“We saw a need in WA,” managing director Steve Schupp said.

“In our previous jobs we were frustrated by our inability to get the capability we needed.

“The traditional IT providers didn’t have a specialised focus in this area.”

He said the sector had grown rapidly, as reflected in the emergence of competitors such as Diamond Cyber, chaired by iiNet founder Michael Malone.

Other players in the sector include Edith Cowan University spin-out Sapien Cyber, which is backed by Woodside Petroleum, and specialist testing firms such as Seamless Intelligence.

Asterisk offers multiple services, including specialist testing, for its customers, which are mostly larger businesses.

“When we do penetration testing we’re acting like an internet attacker and we’re testing a client’s technical security controls, but also their ability to detect and respond a compromise or a breach,” Mr Schupp said.

“When we do a vulnerability assessment we’re taking a wide look at a customer’s environment and reporting on all the vulnerabilities we find.”

Asterisk also has a consulting arm, providing advice on what controls a customer might need.

“We’re seeing a lot more demand, especially with small digital businesses looking to sell to a big telco or a bank or other big companies,” Mr Schupp said.

“They are asked: ‘What is your security policy and how do you maintain cyber security?’”

Mr Schupp told Business News there were common issues facing businesses of all sizes.

“One of the problems is that people use one password everywhere,” he said.

“They’ve got lots of websites to log into so they use one password.”

Mr Schupp said hackers were very quick to use email and password data breaches.

“They will send in fraudulent invoices or they will get access to internet banking, and change destinations or change transaction details after they’ve been posted.”

Another common risk was ransomware attacks, where hackers drop mailware onto workstations after a user clicks on an email link.

The hacker will encrypt the file server and then hold the business to ransom.

To address these risks, Mr Schupp suggested increased use of multi-factor authentication, such as an SMS code in addition to user name and password.

“Especially on Office 365, that gives you a lot more protection against inbox attacks,” Mr Schupp said.

He also suggested moving away from a single password with the help of password manager software.

“I have a unique password for every website I access but I only have to remember my master password to unlock the password manager,” Mr Schupp said. 

“The effort of remembering all these passwords is taken off my hands.”

Mr Dadarkar also recommends the use of a password manager such as Last Pass, which encrypts passwords, so that clients don’t store passwords on an Excel spreadsheet, for example.

Mr Schupp said all businesses are at risk.

“The hackers aren’t selective. It’s not about your business particularly,” he said.

“For them it’s a volume game. The more inboxes they can compromise, the better chance they have of making money.”

Cisco Asia Pacific vice-president, commercial and small business, Bastiaan Toeset, supported this view.

“It is a bit of misconception that small businesses are less vulnerable to security; they are actually more vulnerable because the impact on their business when they are disrupted is much more significant for them,” Mr Toeset said.

Add your comment

Full-time in-house consultants

32nd-TBH20
33rd-GHD17
34th-Asterisk Information Security16
35th↑Bedivere Group15
36th↓Alphabiz Solutions15
187 consulting firms ranked by number of full-time WA inhouse consultants

ICT & technical professionals

70th↓iQuest Consulting17
71st↓Forest Grove Technology17
72nd-Asterisk Information Security16
73rd↓CT Solution16
74th-Illuminance Solutions16
171 information & communications technology ranked by number of ict & technical professional staff in WA

Number of Employees

BNiQ Disclaimer

Special Report

ICT – small business 2019

ICT – small business 2019

25 March 2019

The challenges of digital transformation and cyber security for SMEs.

Rapid tech changes create challenges

Rapid tech changes create challenges

SPECIAL REPORT: Staying abreast of rapidly changing business technologies is a growing challenge for many SMEs.

Cyber security a key risk

Cyber security a key risk 

SPECIAL REPORT: Low awareness of cyber security risks remains a key issue for the business sector.