Cyber Security and The Illusion of Invisibility

When it comes to cyber theft, the bigger the firm, the bigger the headline. 

Optus, Medibank, Qantas, Latitude Financial, and the ANU… all of these high-profile Australian organisations have endured unwelcome time in the spotlight after mishandling their customers’ data. Widespread public familiarity with their brands, as well as their large customer bases, made them more prone to negative media attention when their cyber security lapsed. 

Smaller businesses – equally big targets 

The media’s focus on the cyber travails of large organisation can inadvertently create a false sense of security among medium and smaller organisations.  That is, because there’s barely any media coverage of cyber theft from less well-known organisations, medium and small companies can be lulled into dangerous complacency about just how vulnerable and targeted they are.  

The reality is that medium and smaller organisations are prime targets for hackers.  

Illusion of Invisibility 

Because they’re not in the headlines, many medium and smaller businesses assume they’re “flying under the radar” as targets for cyber criminals. However, that’s exactly what makes them appealing targets.   

Hackers reason that medium and smaller firms likely lack the hardened defences of larger organisations – while still harbouring significant and attractive amounts of sensitive customer data. 

Stats tell Story 

Statistics from the most recent Annual Cyber Threat Report from the Australian Signal Directorate (ASD) add further perspective to the comparative threat. 

Last year, more medium-sized businesses reported “Extensive Compromise” cyber attacks than large businesses.   The same was true in the next lower category of cyber severity, “Isolated Compromise”.   

Tellingly, large organisations reported more than three times the rate of success in repelling low-level malicious attacks vs medium-sized organisations. 

A further alarming insight is that the average financial loss incurred by medium-sized organisations due to cybercrime was almost identical to the average financial loss for large organisations.    

Smaller Size, Larger Vulnerability 

The 2024 Sophos Threat Report found that the sophistication of cyberthreats faced by small to medium organisations is often on par with those used to attack large enterprises.  In forums on the dark web where cyber criminals trade tips, it’s been said that the spoils from breaching a larger number of medium-sized organisations more than offsets the returns from less frequently successful attacks on large organisations. 

Sophos found that organisations with fewer than 500 employees were more vulnerable to cyber criminals. Underinvestment in cybersecurity, generally smaller information technology budgets and sometimes, less-experienced IT staff or outsourced providers, all contributed to this heightened vulnerability. 

Sophisticated Threat Landscape 

The cybercriminal ecosystem has evolved rapidly to become ruthlessly efficient. Mirroring the legitimate economy, it now features specialised roles and skillsets, intermediaries and brokers, and sophisticated black market networks to facilitate transactions. 

Ransomware-as-a-service (RaaS) groups lease their code to affiliates, and Business Email Compromise (BEC) schemes exploit social engineering techniques to bypass technical protections. Infostealers quietly exfiltrate login data, payment card info, and browser-stored credentials before victims even realise that anything’s awry. 

Stepping Up Safeguards 

Businesses need to similarly evolve their safeguards.  Spam filters and firewalls are no longer enough.  

The key to successfully defending against encroaching cyber threats is to use a multi-layered strategy which includes robust data transfer protection, phishing campaign detection, prevention of credential harvesting, employee training, and mitigation against BEC attack by analysing behavioural anomalies and sender authenticity in real time. 

A Secure Managed File Transfer solution such as the class-leading GoAnywhere MFT addresses the many risks of ad hoc techniques through a holistic approach to security, including: 

• Automatic authentication, encryption and decryption 

• User access controls 

• Auditing and Reporting 

• Continuous updates on the evolving threat landscape, and 

• Industry standards compliance. 

  
  

A further defensive layer - our Advanced Threat Protection Bundle - can mask, remove, or permit Personally Identifiable Information to be moved within your organisation and beyond, via a Secure ICAP Gateway.  

Invisibility Isn’t Security 

Just because smaller firms aren’t in the headlines, don’t assume they’re not falling prey to cybercrime.  The seductive illusion of “flying under the radar” is exactly what makes smaller organisations appealing targets.   

And, because they often lack the hardened defences of larger organisation - while still handling sensitive data - they’re more vulnerable to the threats. 

Here to Help 

At Generic Systems Australia, we’re Australia and New Zealand’s local experts in helping businesses add the protective layers of Managed File Transfer and Adanced Threat Protection to their cyber defences.  

If you’d like to discuss how we can help your organisation, please feel welcome to contact me.  I’m always happy to have an obligation-free chat and explain how easily we can step up your cyber security.   

At Generic Systems Australia, we’re your local experts in Managed File Transfer.