The insights summarised in this article were provided by Martin Boyd, former Executive Manager of Cyber Security for CBA and founder of Vertex Cyber Security, through the workshop Protect Your Startup from Being Hacked.
How a cyber attack can affect your startup
Cyber security is a major issue for companies. Data breaches are happening to many companies every day, and it's important for you to be aware of this. According to the Australian government, thirty-three percent of businesses experience a cyber crime, at an average cost of $276,000.
Unfortunately, the attackers have the advantage. They need only succeed once, so it's important to have multiple layers of protection, so that attackers who get through one or two layers will give up before getting to the important data. You can't rely on just one layer because if it fails, the failure will have significant ramifications. The question is when and how big the impact is going to be, not whether it will happen.
Small businesses and startups are particularly vulnerable, with sixty percent of them failing within six months of a breach. The impact can be severe, including reputational damage, loss of sales, and loss of existing customers. This is especially dangerous for businesses that are already struggling financially.
Cyber security secret sauce
To really understand cyber security, you need to know the three important elements: People, Technology and Process.
Cyber security isn't just about the technical stuff. When people use your systems, they need to know how to use them safely and protect them from harm. This means educating everyone (e.g. employees, users, contractors, vendors) who uses your systems about potential risks and how to minimise them. It also means creating a culture of security where people feel safe reporting any problems they see.
The technology you use to run your systems is a big part of cyber security. You need to make sure it's secure and that nobody can break in through a security hole. This involves making sure all the technology you implement is designed and built with security in mind. You also need to test it regularly to make sure there are no weak spots.
Finally, you need to have the right processes in place to make sure your cyber security plan works. This means putting in place rules and procedures that people need to follow to keep your systems safe. It also means regularly checking to make sure everything is working as it should and fixing any problems that come up before they become significant.
What do cyber attackers do?
To know what you should focus on as the first step to protect your business, we’ll explore the three main things most cyber attackers do.
1. Online reconnaissance
When hackers want to attack a business, the first thing they do is search the internet for information about it. This is called online reconnaissance. If you have a lot of information available online, it's easier for hackers to find weaknesses and plan an attack. So, if you have a big online presence, like a website or social media accounts, you’re more likely to be targeted. It's important for you to be aware of this and take steps to protect your business from cyber attacks.
2. Phishing attack
Hackers often use LinkedIn and other social media to find information about businesses they want to attack. If you're on their target list—or even if you're not—they may start sending phishing emails to your employees within a week of being added to LinkedIn. In doing so, they can obtain information that can help them break into your systems.
To protect your business, it's a good idea to remove personal information like names, phone numbers, and email addresses from your website. You should also be careful about what you share on social media and LinkedIn. Sometimes, hackers get lists of emails from data breaches, which they can use for phishing attacks, but this is more common with consumers than businesses.
3. Website vulnerabilities
If the hackers are unsuccessful with phishing, they may try to exploit vulnerabilities on your website. For example, they might look for connections between your website and the customer relationship management (CRM) system, and try to access it. If there are any weaknesses on your website, they might be able to use them to gain access to your sensitive information. It's important to keep your website up to date with security measures to prevent hackers from finding and exploiting vulnerabilities.