...
Whilst I want you to actually understand the risks of not having a good Cybersecurity strategy for your business, we don’t need to labour the FUD.
So here is the FUD I could find, all in one place, so we don’t need to talk about it much again, except where it raises questions specifically related to your business. (NOTE: There is far too much FUD online to list it all here, so I’m sticking with government and industry resources.)
All of the types of threats
...
Account Compromise
Business Email Compromise
Cryptomining
Data Breaches
Hacking
Identity Theft
Malicious Insiders
Malware
Phishing
Quishing
Ransomware
Scams
There is also the NIST page on Cybersecurity Risks
Annual Cyber Threat Report 2024
...
A newish part of the report is AI and cybercrime. This will become a much bigger area that we need to be aware of.
AI and Cybercrime
Australia - general page on AI and includes questions to ask about AI in your business.
Supply Chain Attacks
One of the biggest and best known Supply Chain Attacks in recent years was SolarWinds (2020), where attackers tampered with the vendor’s own software update so that every customer who installed it was compromised. Then there was the US Colonial Pipeline ransomware incident (2021), which is often mentioned in the same breath even though it was not itself a supply chain attack, so the term has been in the news a lot more in the past few years.
Australia - Information page on Supply Chain Attacks
Beware of your MSP
MSPs (Managed Service Providers) have a very important role for Small Businesses, and become a key part of your team, but they can be targets for cyber crime also - and that can affect you, because an MSP typically holds administrative access to every client it manages, so a compromise at the MSP can reach all of them at once. This is a type of supply chain attack. This article includes tips on how to engage with MSPs securely, and details a case where an MSP was hacked.
Alerts and Advisories
The ACSC’s page that lists all the critical vulnerabilities they think you need to know about. If you’ve heard the terms CVE (the public identifier given to a specific vulnerability) or KEV (CISA’s catalogue of vulnerabilities known to be exploited in the wild), this is where the Australian advisories about them appear. But many small businesses won’t have the hardware or software that these advisories affect. When you start to hear about one on the news (eg Log4j), then you probably need to start thinking about it. However, if you do have servers, or hardware connected to the internet, then you do need to know about this stuff, unfortunately. Of course, your first step is to ensure all your devices are set to auto update, so any issues are resolved as quickly as possible. An advisory is only useful if you know what you actually run, so keep a simple list of your devices and software to check it against.
...
The starting point for finding out what to do if you think you have been hacked.
SaaS Shared Responsibility Model
This is less of a FUD topic, but one that is important, as we all use Software as a Service. Just because you have a shiny SaaS app that promised you the world, it does not make it secure. The provider secures the platform; you are responsible for how you configure it, who you give access to, and what data you put in it. You can easily share a sensitive document publicly on Dropbox, or inadvertently release customer data in a misconfigured AWS S3 bucket, or have your Salesforce set up in a way that shares all the data in Salesforce with another SaaS app you are integrating with. And all of this is your responsibility.
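To show what “your side” of the shared responsibility model looks like in practice, here is an added example (not code from the original page, and not an AWS tool) that audits the S3 misconfiguration mentioned above. It inspects the three things that decide whether a bucket is public: the bucket policy, the bucket ACL, and the account/bucket Public Access Block settings. The policy, ACL and block documents below are constructed samples in the shape the AWS API returns; the bucket name, ARNs and account ID are placeholders, and no AWS credentials or network access are needed.

```python
"""Added example: flag an S3 bucket whose policy or ACL opens it to everyone.

Illustrative code, not from the original page and not AWS's own tooling.
Inputs are constructed samples shaped like GetBucketPolicy / GetBucketAcl /
GetPublicAccessBlock responses, so this runs offline.
"""
import json

# Real AWS grantee URIs meaning "everyone" and "any signed-in AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

# Constructed sample bucket policy (bucket name and ARNs are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "OwnerWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample ACL: owner has full control, but AllUsers can READ.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]}

FULL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def _is_public_principal(principal):
    """True if a statement's Principal means 'anyone' ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_json):
    """Return (Sid, kind) for Allow statements whose principal is everyone.

    kind is "public" when unconditional, or "conditional" when a Condition
    block exists; a condition may narrow access, so a human should read it.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") == "Allow" and _is_public_principal(stmt.get("Principal")):
            sid = stmt.get("Sid", f"statement[{i}]")
            findings.append((sid, "conditional" if stmt.get("Condition") else "public"))
    return findings


def public_acl_grants(acl):
    """Return (group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    hits = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            hits.append((uri.rsplit("/", 1)[-1], grant.get("Permission")))
    return hits


def audit_bucket(policy_json, acl, public_access_block):
    """Combine the checks. All four Public Access Block flags on means the
    policy/ACL findings cannot actually be reached from the internet."""
    block = public_access_block or {}
    blocked = all(block.get(flag) for flag in FULL_BLOCK)
    policy = public_policy_statements(policy_json) if policy_json else []
    acl_hits = public_acl_grants(acl or {})
    unconditional = [sid for sid, kind in policy if kind == "public"]
    return {
        "public_access_block": blocked,
        "policy": policy,
        "acl": acl_hits,
        "exposed": (not blocked) and bool(unconditional or acl_hits),
    }


if __name__ == "__main__":
    print(audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, {}))          # exposed: True
    print(audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, FULL_BLOCK))  # exposed: False
```

On a real account you would feed this the output of `get_bucket_policy`, `get_bucket_acl` and `get_public_access_block` from boto3 for each bucket; the point of the example is that none of these settings are the provider’s job to get right for you.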
OWASP Top Ten
Now, most small businesses won’t need to know anything about it, but if you have a Web App of any kind, or even just a website where users log in, then this is when you need to start knowing about these risks. I’m including it here because you may have heard someone techy mention the name OWASP Top Ten, or Cross-Site Scripting (XSS), or Injection Attacks. But this is where you will need a Trusted Advisor to help you out with this level of detail.
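So that the two terms above are not just names, here is an added example (not code from the original page, and not OWASP’s material) showing a login query and a greeting page written the broken way and the fixed way. It uses a throwaway in-memory SQLite database with constructed user rows; the usernames and passwords are made up, and passwords are stored in plain text only to keep the demonstration short.

```python
"""Added example: SQL injection and cross-site scripting, vulnerable vs fixed.

Illustrative code, not from the original page or from OWASP. The database is
an in-memory SQLite table with constructed rows, so it runs offline.
"""
import html
import sqlite3


def make_db():
    """Build the demo table. Constructed rows; real systems store a salted
    password hash, never the password itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse", "admin"),
        ("bob", "hunter2", "staff"),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """Injection: the user's text is pasted into the SQL, so quotes and OR
    become part of the query instead of part of the password."""
    sql = (f"SELECT username, role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterised query: the driver binds the values as data, so no input
    can change the shape of the SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def greeting_vulnerable(name):
    """XSS: user input is reflected straight into HTML, so a <script> tag in
    the name runs in every visitor's browser."""
    return f"<p>Hello {name}</p>"


def greeting_fixed(name):
    """Escape <, >, &, quotes before output so the input is displayed as text."""
    return f"<p>Hello {html.escape(name, quote=True)}</p>"


def run_demo():
    """Exercise both pairs with a classic injection string and a script tag."""
    conn = make_db()
    attack_password = "' OR '1'='1"     # constructed attacker input
    attack_name = "<script>alert(1)</script>"
    return {
        # Becomes: ... AND password = '' OR '1'='1' -> every row matches.
        "sqli_vulnerable": login_vulnerable(conn, "alice", attack_password),
        "sqli_fixed": login_fixed(conn, "alice", attack_password),
        "sqli_fixed_real_login": login_fixed(conn, "alice", "correct horse"),
        "xss_vulnerable": greeting_vulnerable(attack_name),
        "xss_fixed": greeting_fixed(attack_name),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable login lets an attacker in as the first user in the table (here the admin) without knowing any password; the fixed one treats the same text as a password that simply does not match. The fixed greeting shows the attacker’s tag on screen as literal text instead of running it.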
Not included on this list
...