CYBERSECURITY
 Taking care of business
In the fast paced-food and beverage industry, it is easy for cybersecurity to get relegated to the bottom of the to-do list. Emisoft CEO Christian Mairoll provides some practical advice for SMBs on ransomware security.
should be enabled wherever possible to prevent unauthorised access to company systems, while software security updates should always be applied in a timely manner to minimise
the window of opportunity for an attack.
Last but not least, it is important to remember that there’s no silver bullet for ransomware. While preventative measures go a long way toward reducing the risk of infection, there is no company on the planet that is 100 per cent immune to ransomware, so it’s crucial to have contingency plans in place in case the unthinkable happens.
A response plan should detail exactly what needs to be done in the event of an infection to ensure quick, effective remediation. Many small businesses will not have the resources to address ransomware attacks without external help, so the response guide may be as simple as detailing who to call in the event of an attack and what information should be provided to assist with the investigation.
System backups remain one of the most effective ways of mitigating the effects of a ransomware attack. Many strains of ransomware can spread laterally across the network and encrypt locally stored backups, so businesses should use a mixture of media
THE benefits of beefing up security feel intangible, the time investment seems steep and the prospect of implementing new cyber processes can be overwhelming for small businesses without a dedicated IT security team.
But complacency comes at a cost. Cybercrime, and ransomware (a type of attack whereby threat actors encrypt a target’s data and threaten to release huge swathes of stolen data unless the victim coughs up a hefty ransom) in particular, can have a significant impact on a company’s bottom line.
THE COST OF RANSOMWARE ATTACKS IN AUSTRALIA
On average, victims of ransomware pay more than $154,000 to restore access to their data, while the average cost of downtime exceeds $274,000, according to figures from Emsisoft, a cybersecurity firm headquartered in New Zealand. In total, it’s estimated that ransomware costs Australian businesses more than $2.5 billion annually.
It’snotjustbigenterprises
that are getting hit. While incidents involving major corporations – like last year’s attacks on JBS and Lion – generate significant media attention, the attacks on smaller businesses tend to slip by unnoticed.
At least 2155 Australian businesses were hit with ransomware in 2021, according to Emsisoft data, yet only a handful of incidents were reported on.
HOW TO STOP AN ATTACK
Threat actors often intentionally target small and medium-sized businesses, knowing that they likely won’t have the same cybersecurity resources as their larger, deeper-pocketed peers. But securing the network from ransomware doesn’t have to be an expensive or time- consuming undertaking – all it takes is a bit of planning.
Cybersecurity awareness training is an excellent starting point. Most ransomware spreads through user-initiated actions (like clicking on a malicious URL or opening a bademailattachment),so
businesses of all sizes should take the time to teach staff the fundamentals of cybersecurity. This includes things like knowing how to spot phishing emails, which are commonly used to deliver ransomware, and the importance of creating strong, unique passwords for every account and online service.
 “ Many strains of ransomware can spread laterally across the network and encrypt locally stored backups, so businesses should use a mixture of media storage, and store backup copies both on- and off-site.”
There are also a number of simple yet effective things that can be done at an organisational level. For example, uninstalling and/or disabling any unnecessary applications and services (particularly those that are susceptible to exploitation, like remote desktop protocol, PowerShell, Office macros and Windows Script Host) can be a smart way to limit potential ransomware entry points. Multi-factorauthentication
storage, and store backup copies both on- and off-site. However, it should be noted that backups cannot stop threat actors from weaponising stolen data, which has become a common tactic in recent years.
Ransomware is the single biggest cyber threat facing Australia’s food and beverage industry. Businesses of all sizes need to be aware of the risks and take steps to bolster their ransomwareresilience. ✷
 20 | Food&Drink business | March 2022 | www.foodanddrinkbusiness.com.au