MEDIA RELEASE: The majority of small to medium-sized Australian businesses still need to increase their awareness of cyber security threats, with the ongoing Russia/ Ukraine conflict a catalyst in the reviewing of IT security systems, according to HLB Mann Judd Melbourne risk and assurance director, Kapil Kukreja.
Mr Kukreja – who advises the SME market and government departments – said while the working from home phenomenon of the past two years elevated cyber security for many, the war in eastern Europe has exacerbated the need to review and manage online risks.
“Some businesses naively believe they are either too small or unknown to be a target, but the threats are real and here to stay.
“In fact, hackers are becoming increasingly sophisticated in how they target and attack and it’s no longer a case of if a business should come under attack, but when,” he said.
Australia, along with the US, UK, EU and other governments, have condemned Russia’s aggression towards Ukraine, including the imposing of sanctions. There is a significant risk that Australian businesses could be caught up as collateral damage, particularly those with a presence in Ukraine or NATO countries.
“Australian companies are a part of global supply chains. Some will have either direct or indirect links with Russia and/or Ukraine.
“It’s a well-known fact that Russia is home to some of the world’s most infamous criminal hackers, some of them state-sponsored.
“NotPetya, the cyber-attack by Russian Military hackers is considered to be the costliest cyber-attack in history. The destructive software was hidden in an update of popular accounting software used in Ukraine, but spread worldwide destroying the computer systems of thousands of companies and causing approximately $10 billion of damage.
“Similarly, the Wiper malware, which is currently prevalent in Ukraine, launched by Russia, can potentially spread in several countries within minutes, including Australia,” he said.
Mr Kukreja said companies should take steps to assess their preparedness in responding to any cyber security incidents and should review incident response and business continuity plans.
“Cyber risk should be the number one priority for Australian businesses with company boards and senior management needing to implement adequate security measures as a matter of urgency.
“For SME businesses, the impact of cyber fraud may be more profound, as the security of larger-sized organisations is that much more robust.
“Cyber security is a domain which is changing at a rapid pace, with cyber criminals devising new and sophisticated methods to circumvent the security controls. Organisations that have realised cyber risk is real and can have a detrimental effect on their reputation and operations are already further ahead than many others,” he said.