Small businesses are experiencing a rise in cyber attacks, with 4,255 reported incidents of email compromise scams in the 2019-20 financial year, costing over $142 million, according to the Australian Cyber Security Centre (ACSC).
Cyber criminals use business email compromise (BEC) scams, involving email, instant message, SMS and social media tactics, to fraudulently access the money and goods of businesses.
BEC scams strike large and small businesses alike.
Last week, for example, hedge fund Levitas Capital was forced to close after a fake Zoom invitation resulted in the approval of $8.7 million in erroneous invoice payments.
Bohemian homewares business Sage and Clare lost $10,000 after the owner paid what she thought was a legitimate invoice to a China-based supplier, which turned out to be fraudulent.
Since the pandemic began in March, there has been a “significant increase” in the use of BEC scams by cyber criminals, according to Australian Cyber Security Centre head Abigail Bradshaw.
“This type of fraud has been used to hoodwink many Australians and Australian businesses, out of often very large sums of money,” Bradshaw said in a statement.
In a survey of 1,700 SMEs, 72% of small businesses said they experienced a cyber incident and also thought it was likely or almost certain they would experience another incident again.
The same study by the ACSC found 50% of SMEs either cannot afford or choose not to spend more than $500 on IT security annually.
One-in-five small businesses using Windows have an operating system that stopped receiving security updates in January 2020.
And only 3% of sole traders outsource their own cyber security, compared to 35% of businesses with between five and 19 employees, ACSC said.
The federal government has launched several initiatives in response to the increase in cybercrime.
There’s the ACSC Small Business Cyber Security Guide, an 11 Step-by-Step Guide on how SMEs can improve security, and COVID-19 guidance for small businesses operating remotely during the pandemic.