How prepared are Australian SMEs for cyber attacks?


Technology advancements and sophisticated cyber criminals are continuously putting pressure on businesses to be one step ahead when it comes to cyber security. With the recently introduced regulations including GDPR and Australia’s Notifiable Data Breach Scheme, never before has there been such a spotlight on SMEs and how they handle their data and information, yet recent findings suggest businesses aren’t prepared.

According to the most recent report conducted by Webroot, only 12 per cent of Australian SMEs feel they are prepared, compared with our United States and United Kingdom counterparts, where 28 per cent and 22 per cent respectively feel they are completely ready to manage IT security and protect against threats.

One reason could be a lack of ongoing training for employees. Only 32 per cent of Australian SMEs conduct continual training throughout the duration of an employee's employment, with almost half (45 per cent) saying they only train employees once, either during onboarding or after a cyber security breach.

Cyber criminals target businesses through their end users. End users are an organisation’s first line of defence, but often the weakest cybersecurity link. When users unwittingly click phishing links, open malware attachments or give up credentials and other sensitive information online, cyber criminals can bypass existing layers of security to successfully breach SME networks. We also know that 90 per cent of successful network breaches were caused by user error, so it’s clear this is a key factor to be addressed.

Many workplaces provide guest Wi-Fi or have a Bring Your Own Device policy, and although these are beneficial for flexibility and operational costs, they increase the avenues for cybersecurity breaches. Workplaces often forget mobile devices when planning for cybersecurity threats and training.

With ongoing, relevant, engaging cybersecurity awareness training, businesses can significantly reduce the risks they face due to user error. From phishing simulations, courses on IT and security best practices, to data protection and compliance training, your business can significantly change the odds of facing a cyberattack.

With the estimated average cost of a cyberattack in Australia at $994,025, the benefits of investing in end user training and education are clear. Not only will it save you financially, training will ensure the reputation of the business built up over years is maintained and the overall business has a clear and ongoing defence to ultimately keep the business safe from attacks.

Dan Slattery, Senior Information Security Analyst, Webroot