Login
iscover
Small businesses should take steps to guard against Russian malware, a specialist says.
Newsletter
Cyber war right on SME doorstep
11 April 2022
•
9 minute read
The war in Ukraine is spilling over into cyber threats to Australian small businesses and they should be urgently reviewing security, said an HLB Mann Judd specialist.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Risk and assurance director Kapil Kukreja said some businesses mistakenly believed they were too small to be a target – but the threats were real.
“Hackers are becoming increasingly sophisticated in how they target and attack and it’s no longer a case of if a business should come under attack, but when,” he said.
He said Russia was infamous for its criminal hackers, some of which were state sponsored, and Australia’s stance on the war in Ukraine meant businesses here could become collateral damage.
“Australian companies are a part of global supply chains. Some will have either direct or indirect links with Russia and/or Ukraine,” he said.
“NotPetya, the cyber-attack by Russian military hackers is considered to be the costliest cyber-attack in history. The destructive software was hidden in an update of popular accounting software used in Ukraine, but spread worldwide destroying the computer systems of thousands of companies and causing approximately $10 billion of damage.
“Similarly, the Wiper malware, which is currently prevalent in Ukraine, launched by Russia, can potentially spread in several countries within minutes, including Australia.”
The Australian Cyber Security Centre has issued an advisory urgently encouraging local organisations to boost their cyber security in light of rising international tensions with Russia.
Mr Kukreja – who advises the SME market and government departments – said small businesses especially should assess their preparedness for a cyber-security incident, and review their response and business continuity plans.
“For SME businesses the impact of cyber fraud may be more profound, as the security of larger sized organisations is that much more robust,” Mr Kukreja said.
He cited a case in which a finance team member at one SME was sent an email, ostensibly from a vendor, asking them to record new bank details. The finance member duly updated the vendor record. When a $1.7 million payment was made to that vendor, it went into the hacker’s bank account.
The breach was identified when the vendor asked why they had not received payment and processes to update records were subsequently changed.
“Cyber security is a domain which is changing at a rapid pace, with cyber criminals devising new and sophisticated methods to circumvent the security controls,” Mr Kukreja said.
“Organisations that have realised cyber risk is real and can have a detrimental effect on their reputation and operations are already further ahead than many others.”
You need to be a member to post comments. Become a member for free today!
