The week in security: Protecting small businesses protects everyone else, too

Losses from so-called ‘remote access’ scams – where cold-calling criminals talk their way onto a victim’s computer under the auspices of providing technical support – are already more than double the total for 2017, according to new figures from the ACCC.

Credential stuffing – the reuse of stolen passwords to access other sites where unsuspecting employees have reused key passwords – was also proving expensive, with a new study suggesting that losses have surged to $28.5m annually amongst APAC businesses alone.

Much of the problem is a lack of security sophistication among the general population, and well-meaning but technologically-naïve small business owners are also getting taken.

Yet supply-chain interdependencies mean small-business cybersecurity is important for every business, which is part of the reason that Melbourne-based cybersecurity consultancy Enex Carbon debuted its CarbonCore vulnerability-assessment and response platform, designed specifically for small businesses.

The move was yet another sign that Victoria’s investment in cybersecurity is paying off, state minister Philip Dalidakis said, while the company’s head evoked past experiences in incident cleanup in linking the service offering to the ongoing stream of “devastating” insults that small businesses are suffering every day at the hands of cybercriminals.

One of the less-discussed but faster-growing issues in cybersecurity revolves around the increasing automation of computational processes and the inability of human observers to monitor or verify the machine-to-machine authentication that happens on a near-continuous basis on everyday networks.

Meanwhile, VMware made a security play with the release of an ‘adaptive micro-segmentation’ platform called vSphere Platinum.

Adobe quickly patched a bug in the company’s Photoshop ‘Creative Cloud’, while Cisco was encouraging customers to patch their data-centre switch manager software.