Adam Irwin (Pitcher Partners) on how to mitigate cyber attack risks

17 October 2021 Consultancy.com.au 5 min. read

Have you ever received a suspicious email stating “an urgent wire transfer” or notifying you that “your bank account has been disabled – verify your account now”? Well you are not alone. Adam Irwin, Managing Partner of Pitcher Partners in Sydney, sheds light on the growing threat of cyberattacks and outlines what can be done to mitigate risks. 

With our lives largely remaining online due to Covid-19, malware attacks have soared with the Australian Cyber Security Centre (ACSC) receiving 22,000 calls to its Cyber Security Hotline, with an average of 60 calls per day. This is an increase of 310% from the previous financial year. 

According to the government’s Scamwatch, there have been over 45,000 reported phishing attacks in 2021 so far, totalling a financial loss of $3,305,00, along with 81,618 reported attempts to gain personal information. Many of these phishing attempts are email spam that is easily identifiable, often with misspelt or suspicious sender addresses and poor English and grammar.


However, some attacks are more sophisticated and harder to identify. Advanced cyber criminals use information gathered from social networks and compromised accounts to target a single individual in an attempt to trick them into handing over further information, confidential data, or money. 

Such sophisticated attacks allow perpetrators not only to access their victim’s information but also to install malware on the victim’s computer so that the victim can be monitored on an ongoing basis. Cyber criminals today have more entry points than ever before, with business email compromise one of the most common attack vectors. 

When in doubt, do not click

Ideally, your organisation has effective tools in place to limit the number of phishing emails. Because nothing is foolproof, it is imperative to be able to identify the signs. Keep an eye on reported phishing scams and the sender addresses they use, making note of recurring tricks and techniques. If you receive a scam email, it has most likely been sent to someone else in your organisation before. 

Even if no one is aware of the potential threat, it is best to immediately notify your security team, so that they can act accordingly. 

Judge a book by its…lack of security

Our increased adoption of social media and online platforms has given cyber criminals the opportunity to know more about us than they should, making it easy to pinpoint the average, unsuspecting Joe.

Be wary of website security when submitting sensitive information. If you are uncertain about a website, check its security certificate by clicking on the closed lock icon in the address bar, to ensure the certificate has been issued to the organisation you intend to submit the information to. If the site has no lock icon, or the certificate was issued to a different organisation, that is a sign it is not secure and therefore unsafe to use. 

Start by not opening an email from a sender you are not sure of. The sender’s email address is the first checkpoint for confirming whether the email is legitimate or a phishing attack.

Do not open any websites or attachments that look suspicious or have been blocked by your browser or organisation. These websites or email attachments have most likely been compromised and can put you at further risk. 
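The sender-address check described above can be automated for a mail gateway or a helpdesk triage script. The following is an added example, not code from the article or from Pitcher Partners; the trusted domains, the homoglyph table and the sample addresses are constructed for illustration. It flags the common tricks a phishing sender address uses against a known brand: visually similar characters ("p1tcher" for "pitcher"), the trusted name embedded as a subdomain of an unrelated domain, and near-miss spellings.

```python
import re
from difflib import SequenceMatcher

# Constructed: domains this organisation treats as its own or its bank's (assumption for the example).
TRUSTED_DOMAINS = ("pitcherpartners.example", "mybank.example")

# Characters that phishers swap for visually similar ones. Both sides of a comparison
# are normalised with this table, so "1", "l" and "i" all collapse to "i".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "5": "s", "7": "t", "@": "a"})


def normalise(domain: str) -> str:
    """Lower-case a domain and collapse look-alike characters, including two-letter ones."""
    d = domain.lower().strip().rstrip(".").translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def sender_domain(address: str):
    """Return the domain part of a bare address or a 'Display Name <addr>' header, else None."""
    inner = re.search(r"<([^<>]+)>", address)
    if inner:
        address = inner.group(1)
    m = re.fullmatch(r"[^@\s<>]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})", address.strip())
    return m.group(1).lower() if m else None


def assess_sender(address: str, trusted=TRUSTED_DOMAINS, threshold: float = 0.85) -> str:
    """Classify a sender address relative to the trusted domains.

    Returns one of: 'malformed', 'trusted', 'subdomain of X', 'lookalike of X',
    'embeds X', 'near-miss of X', or 'unknown' (a domain that resembles none of them).
    """
    domain = sender_domain(address)
    if domain is None:
        return "malformed"
    if domain in trusted:
        return "trusted"
    norm = normalise(domain)
    labels = domain.split(".")
    for t in trusted:
        # A genuine subdomain (mail.pitcherpartners.example) ends with the trusted domain.
        if domain.endswith("." + t):
            return f"subdomain of {t}"
        # Identical once look-alike characters are collapsed: p1tcherpartners.example
        if norm == normalise(t):
            return f"lookalike of {t}"
        # Trusted name used as a label of some other registrable domain:
        # pitcherpartners.example.account-verify.test
        if t.split(".")[0] in labels:
            return f"embeds {t}"
        # Small spelling differences: pitcher-partners.example
        if SequenceMatcher(None, norm, normalise(t)).ratio() >= threshold:
            return f"near-miss of {t}"
    return "unknown"


def triage(addresses) -> dict:
    """Assess a batch of sender addresses; returns {address: verdict}."""
    return {a: assess_sender(a) for a in addresses}


if __name__ == "__main__":
    # Constructed sample addresses for a demonstration run.
    for addr, verdict in triage([
        "adam@pitcherpartners.example",
        "Accounts <alerts@p1tcherpartners.example>",
        "helpdesk@pitcherpartners.example.account-verify.test",
        "news@pitcher-partners.example",
        "it@mail.pitcherpartners.example",
        "not an address",
    ]).items():
        print(f"{verdict:40} {addr}")
```

Anything other than "trusted" or "subdomain of" deserves a closer look before the message is acted on; the verdict string names the trusted domain being imitated, which is what a security team needs when adding the sender to a block list or warning other staff.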

Never forget to check

Although it may be difficult to stay on top of all your online accounts, it is important that you do. When monitoring your accounts, look out for suspicious activity, such as payments that you did not make or unusual login times and locations. 
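The "unusual login times and locations" check above is exactly what a sign-in log review looks for, and it is simple to script. The following is an added example, not code from the article; the log format (timestamp, user, result, source IP, country) and the log lines are constructed, and the business-hours window is an assumption. It raises an alert for a successful login outside business hours, for a login from a country the user has not been seen in before, and for a success that follows a burst of failures, the pattern left by password guessing.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in log in the organisation's local time (assumption: one event per line,
# fields separated by spaces: timestamp user result ip country).
SAMPLE_LOG = """\
2021-10-11T08:55:12 alice success 203.0.113.10 AU
2021-10-11T17:20:41 alice success 203.0.113.10 AU
2021-10-12T03:14:07 alice success 198.51.100.7 RO
2021-10-12T08:02:33 bob failure 203.0.113.22 AU
2021-10-12T08:02:51 bob failure 203.0.113.22 AU
2021-10-12T08:03:10 bob failure 203.0.113.22 AU
2021-10-12T08:03:42 bob success 203.0.113.22 AU
2021-10-12T09:15:00 carol success 203.0.113.40 AU
"""

BUSINESS_HOURS = range(7, 20)          # assumption: 07:00 to 19:59 is normal working time
FAILURE_WINDOW = timedelta(minutes=10)  # failures older than this are not tied to a success


def parse(line: str) -> dict:
    ts, user, result, ip, country = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "result": result,
            "ip": ip, "country": country}


def detect(lines, failure_threshold: int = 3) -> list:
    """Return a list of alert dicts for the suspicious patterns found in the log lines."""
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    seen_countries = defaultdict(set)   # per user: countries of earlier successful logins
    recent_failures = defaultdict(list)  # per user: timestamps of failures since last success
    alerts = []

    def alert(e, kind):
        alerts.append({"user": e["user"], "kind": kind, "at": e["ts"].isoformat(), "ip": e["ip"]})

    for e in events:
        user = e["user"]
        if e["result"] != "success":
            recent_failures[user].append(e["ts"])
            continue

        if e["ts"].hour not in BUSINESS_HOURS:
            alert(e, "after-hours login")

        # The first login seeds the baseline; later logins are compared against it.
        if seen_countries[user] and e["country"] not in seen_countries[user]:
            alert(e, f"login from new country {e['country']}")
        seen_countries[user].add(e["country"])

        fails = [t for t in recent_failures[user] if e["ts"] - t <= FAILURE_WINDOW]
        if len(fails) >= failure_threshold:
            alert(e, f"success after {len(fails)} failures")
        recent_failures[user].clear()

    return alerts


def run_sample() -> list:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a['at']} {a['user']:6} {a['ip']:15} {a['kind']}")
```

On the constructed log this produces three alerts: alice's 03:14 login is both after hours and from a country not in her baseline, and bob's success arrives after three failures in under two minutes. In a real deployment the baseline would be built from weeks of history rather than the first line seen, but the comparison logic is the same.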

Security starts with individuals safeguarding their login credentials for their cloud-based office suite. If compromised then an attacker could have access to your email files, chats, documents and more. 

To prevent criminals from accessing your online accounts, it is best to maintain good password hygiene. Long gone are the days when using the password Sundayroast123 to secure your accounts would be considered a clever idea. As outlined by Cyber Aware, be sure to regularly change your password, using strong, unique passwords that consist of a combination of letters, numbers, and symbols. 

Another security layer that organisations are already implementing across their remote workforce is two-factor authentication.

Using two-factor authentication methods such as SMS verification, authentication apps or biometrics adds an additional layer of protection, with your login requiring both your set password and an auto-generated code that expires quickly. This adds a level of complexity to your account security, making it difficult for cyber criminals to successfully enter your account. 

Be cyber aware

Targeted cyber-attacks often rely on an employee taking the bait and bypassing technology controls put in place. By introducing training and phishing simulation systems into your business you can raise and measure each employee’s cyber awareness maturity, reducing the human factors involved in successful cyber-attacks.

Such platforms typically work by sending your employees regular training material, and follow up quizzes, to educate them on various aspects of cyber security. In addition, simulated phishing emails help to track the cyber-security maturity of the organisation and individuals. 

To mitigate risks, employees are often the first line of defence and they need to know how to identify suspicious emails or activity. Awareness training is therefore a must as part of a comprehensive security approach. 

Continue with caution

If you remain alert, stay aware of cyber criminals’ techniques, look out for signs of dodgy websites, and monitor your accounts and passwords frequently, you will be a hard target to deceive.