Home office security gaps lure cyber criminals

After suffering its second cyber attack of 2020 in early May, logistics company Toll confirmed last week that a corporate server had been accessed by an outside party and that commercially sensitive information was stolen.  

The server held sensitive employee and commercial information relating to clients and caused the business to shut down its MyToll service for the foreseeable future.

Toll condemned the attack as “unscrupulous”, and said it won’t know the full damage for several weeks as a technical analysis of what was accessed gets under way.  

Toll Group managing director Thomas Knudsen said cyber crime poses an existential threat for organisations of all sizes.

“This is a serious and regrettable situation and we apologise unreservedly to those affected,” Knudsen said.

And while it is surprising to hear of one organisation being targeted in two seemingly separate attacks, the problem looks to worsen in the current climate and can be particularly crippling for smaller players.

“With an increased dependency on mobile devices, remote working using cloud applications and data being used from more locations, the risk of cyberattacks in 2020 is set to skyrocket if businesses don’t quickly close the gaps in their security,” said Kaspersky ANZ general manager Margrith Appleby.

According to data from the Kaspersky corporate IT security risks survey, as many as two-thirds of small to medium enterprises that are targeted by cyber attacks collapse within six months.

Damien Manuel, the chairman of the Australian Information Security Association and director for Deakin University’s cyber research and innovation centre, told Inside Retail that while a lot of businesses have decent corporate security, the issue is made significantly worse with people increasingly working from home.

 “With people working from home now becoming the norm – and potentially the norm moving forward from a workplace perspective – businesses really need to consider that they no longer have a defined perimeter that they need to protect. It’s now about protecting the individual end points,” Manuel said.

Typically, hackers want a combination of money and information.

“You have some that are looking to get billing information changed so people are paying bills to scammers, or invoices that would be paid to a supplier to be paid to a scammer,” Manuel said.

“Then you’ve got another category which is trying to hoover up as much information as possible.”

Sensitive information has monetary value and can be sold to others, such as criminal syndicates or hostile foreign players, for blackmail or criminal purposes.

In the case of Toll, which said its information could end up leaked on the dark web, a buyer could use the information to text or email individuals to say a delivery has been delayed or quarantined, then request an additional fee in order to have the parcel released.

And with the partial closure of physical retail, and the significant uptick in businesses trading online, the issue becomes magnified.

“As retailers move more and more of their services online, it becomes easier for somebody else to start sending fake emails that look like the emails coming from an organisation trying to trick them,” Manuel said.

“As more people naturally trend towards shopping online, you’ve got larger data sets being created of personal information, which can contain things like billing address, postal address, home address, purchase history and more.”

So, what should a retailer do if they become targeted by such an attack? Come clean.

“The retailers that tend to hide and deny that anything has gone wrong are the ones who get punished. The news cycle can go on for weeks and weeks,” Manuel said.

“Whereas when they’re upfront and talk about what was in place and what will be improved in future, customers tend to be more forgiving.”

Comments

Comment Manually