The cybersecurity share economy: how to help SMEs most at risk

cyber attack, vulnerable, cyber criminals, myths, cyber threat

Malware, phishing and ransomware attacks have become a harsh reality for many SMEs with less stringent cybersecurity defences. As cybercrime becomes more professional and automated, cyber threats can be potentially deadly for SMBs who risk lost revenue and clients, reputational brand damage and negative impacts on staff.

The Australian Cyber Security Centre (ACSC) received more than 67,500 cybercrime reports during 2020-21, up nearly 13 per cent from the previous financial year, largely driven by more online engagement and increased use of connected devices due to pandemic-driven remote working and adoption of cloud-based solutions. 

According to the ACSC, small businesses reported more cybercrime than in the previous financial year and medium-sized businesses had the highest average financial loss per attack. BlackBerry’s 2022 Threat Report also found SMEs suffered about 13 threats per device, far more than larger enterprises.

Understanding cybercriminals

Cybercriminals can be clumsy, leaving behind playbook text files containing IP addresses, according to BlackBerry’s 2022 Threat Report. This suggests while the ransomware may be sophisticated, it’s being sold to common cybercriminals. Malware tools such as backdoors, infostealers and even ransomware used to take down the US Colonial Pipeline are being sold to anyone on the dark web.

To add to this, rising use of digital channels has brought old tactics such as phishing and watering hole attacks back into fashion, predominantly due to their ability to scale. These tried-and-true tactics will be continually used as we see innovations like augmented reality and the metaverse develop and enter the mainstream market. 

While SMEs with remote workers are struggling to secure countless unmanaged employee devices, some groups are exploiting personal devices used for work-related tasks like checking email and accessing documents. Others engage in massive phishing campaigns to fool people into clicking on an SMS link, scanning a ‘bad’ QR code or posing as legitimate software installation.

Leveraging shared cybersecurity resources

Many SMEs rely on legacy antivirus software and infrastructure which can’t scale to combat the cybercriminals’ sophisticated methods.  They also struggle to find skilled cybersecurity people to manage it. Governments and leading cyber organisations, however, have taken positive steps to help. The Five Eyes guidance, the Global Cybersecurity Alliance (GCA) and the Australian Cyber Collaboration Centre (A3C) have announced a range of free tools and services to help companies stay safe online. There are also Australian government tax incentives available to small businesses for digital software investment and skills and training.

Many enterprise security teams are challenged by increasingly sophisticated attackers moving at speed across larger attack surfaces. So, what about those companies that have one or two IT employees (if any) trying to do it all?

This is where subscribing to a managed Extended Detection and Response (XDR) service can arm SMEs with enterprise-grade skills and protection at a fraction of the cost, thanks to a shared service model. Using Artificial intelligence (AI) cybersecurity tools as a force multiplier, XDR gathers enriched threat intelligence across the entire attack surface, contextualised to improve human and automated response actions. A cybersecurity analyst will lose valuable time sifting through alerts, whereas a managed XDR service provides automated 24/7 threat monitoring and a team of experienced technical experts. This significantly eases the stress-levels and burden on management and internal staff, giving them time back to focus on other important tasks.

Given the volatility of the current threat landscape, tools and support that take the pressure off stretched security teams are essential. A prevention-first model, leveraging AI and shared services like XDR, will not only protect data and endpoints, but will help SMEs save time and money. By creating these new efficiencies, management may then have some breathing room to train and upskill existing staff, reduce stress and improve the workplace culture. Happy staff, happy customers!