A summary of Redcat’s recent Data Security event, with guest speakers Darren Hopkins and Amir Ansari.
One of the greatest assets your business has is its data. But that data is not only valuable to you, it is pure gold to hackers, who use it to generate income for their businesses. Because hacking is a business – a criminal business, but one that is well-organised, structured and highly focused. Cybercrime and data breaches often cost companies millions of dollars, but other hackers work at a smaller scale, such as those who hack loyalty cards and sell the free drinks that the card holder has earned.
Cybercrime is a threat at all levels – and that’s why Redcat invited ‘the godfather of cybersecurity’, Darren Hopkins, to speak to hospitality businesses at our recent Data Security event. Darren is formerly of the Queensland Police computer crime unit and now works with businesses to help them respond to security incidents. We’ve summarised Darren’s key points here, and included a link at the end where you can watch the entire talk.
The scale of cybercrime in Australia
Darren started by outlining the scale of cybercrime in Australia – the Australian Cyber Security Centre (ACSC) recorded $33 billion in losses in 2023 and get one call every six minutes. When you consider that private organisations are not mandated to report, then that figure clearly does not represent the whole picture. Darren’s company handles 120 breaches a year and is actively working on three or four at any one time. Research from YouGov found that 56% of respondents had had a ransom attack in the last 5 years. Preparation for cybercrime is growing however, and 61% of businesses now say they have an incident response plan.
How do hackers attack?
Darren explained that the two key forms of attack were ransomware and business email compromise. Of the two, email compromise is the more frequent – Darren’s company is currently working on 19 mailbox compromise frauds compared to three ransomware demands. The key difference is that with ransomware, the company can make the decision on whether to pay the ransom or not. Email compromise leads to fraud, which happens very quickly, often before the company even knows there’s been a breach. Darren cited the example of two current cases where hackers stole over $3 million in just four days.
How do breaches happen?
The key causes of cybersecurity breaches are:
- Software vulnerabilities – hackers find a way into a system.
- Loss of identity – a valid username and password are stolen, often through a phishing attack and used for credential stuffing
- Human error, coercion or deceit – hackers pay a user for their login information (especially those with admin level access) or coerce them into sharing details. AI voice cloning and deep fake image creation have exacerbated this issue.
What is the impact of a breach?
A cybersecurity attack has the power to significantly damage, or ruin, a company’s brand reputation. Australia saw this with the Medibank attack: Medibank chose not to pay the ransom the hackers made sensitive data public and then publicised a message to Medibank customers: ‘We asked for $1 per record, and Medibank does not value your privacy at $1.’
Optus went from being in the top seven Australian brands to the least trusted.
That may explain why, in around two thirds of ransom cases, the company negotiates with the hackers and pays the money they’re demanding, with the average payment being $1 million.
Darren gave some examples – a company he negotiated for who paid $10 million, and another who, despite having backups of their data, paid the ransom because restoring from backups would take eight to twelve weeks, and paying the ransom got them operating again in two weeks.
What can you do to enhance your protection?
Darren’s shared the following tips:
- Keep your software patches up to date – software companies are constantly blocking the vulnerabilities that hackers have found in their software, so use the patches and updates that companies like Microsoft issue weekly.
- Make sure your software versions are up to date and still supported by the vendor, such as Microsoft and their support of Windows.
- Protect against phishing with multi-factor/ two-factor authentication (MFA or 2FA). 30% of all ransomware attacks start with phishing, and MFA offers almost 100% security against automated cyberattacks. When Google auto-enrolled 150 million users in 2FA, they saw a 50% decline in compromised accounts.
- Have multiple passwords for different systems – so that even if one is compromised, the scope of an attack is limited. This will stop accounts being compromised by credential stuffing.
- Update or replace older IT systems, which have more vulnerabilities, such as old POS terminals that have an old unsupported Windows version.
- Staff training – ensure that all staff are aware of the importance of cybersecurity and their role in protecting the company’s data.
- If you use an external IT provider, assess them to ensure they are maintaining a strict security posture.
- Use smart design – when security becomes ‘too hard’, users will circumvent it. For example, show the password criteria and encourage strong passwords. Make security a shield, not a barrier.
That’ a short summary of Darren’s presentation – he also shared detailed statistics about cybercrime in Australia, fascinating insights about the structure of the criminal ‘franchise’ organisations, and a chilling audio recording of a ransom message. He was joined by UX designer Amir Ansari who spoke about the importance of design in promoting security and answered questions from the audience.
You can watch the whole event here:
