The Australian Government recently released the Australian Cyber Security Strategy 2020, highlighting a $1.67 billion funding boost to be used over the next decade, to achieve their “vision of creating a more secure online world for Australians, their businesses and the essential services upon which we all depend”. The strategy aims to protect Australia’s public and private sectors from the increasingly volatile local threat landscape that sees the Australian Cyber Security Centre (ACSC) field an average of 144 cybercrime reports a day, or one every 10 minutes.
Particularly with the spike in remote working and digitisation of operations, SMEs are increasingly targeted by cybercriminals as they are viewed as vulnerable entities and promising access points to governments, enterprises and critical infrastructures. As such, SMEs consistently bear the brunt of cybercrimes – a recently released ACSC Small Business Cyber Security Survey showed 62 per cent of small businesses had previously been a victim of a cyber security incident.
Bootstrapped, under-skilled and under-resourced in the fight against cybercrime, SMEs will certainly be afforded some level of relief by the government initiatives set out in the Strategy, which aims to provide them with a basic foundation on which to protect their business from cyber threats.
How the Cyber Security Strategy aims to assist SMEs
A $12.3 million expansion of the ACSC’s 24/7 advice hotline, an $8.3 million Cyber Security Connect and Protect Program that will equip trusted organisations to improve the cyber security of their local SMEs, the roll-out of threat-blocking technology and strengthened capabilities of law enforcement are just some of the ways the government plans to bolster SME’s protection against threats through the Cyber Security Strategy.
While these initiatives are commendable, they alone will not fulfil one of the Strategy’s key purposes – to increase the cyber security awareness within the industry. Throwing money at upgrading security systems will only go so far if SMEs leaders can’t ensure all staff are able to recognise and practise basic security hygiene such as spotting phishing emails, not clicking unknown links, etc.
The role of SMEs in deploying the Cyber Security Strategy
Even the ACSC’s proposed Small Business Cyber Security Guide, and cybersecurity training programs dedicated to helping SMEs fail to address a fundamental part of the problem – awareness.
Leaders of Australia’s SMEs must prioritise and plan for the integration of said guides and training programs to ingrain cybersecurity into their organisations’ culture. According to the recently released survey by the ACSC, 1 in 5 SMEs did not know the term “phishing” and almost half rated their cyber security understanding as ‘average’ or ‘below average’ and had poor cyber security practices. By taking the time to utilise the provided resources to skill-up and educate teams, SMEs are investing in a safer future for their business, for their customers as well as employees.
For SMEs looking at ways to reduce overheads and costs to survive today’s ever-changing economy, investing in time and resources to reap the full benefits of the strategy may seem like a burden. The reality is that many organisations have pieced together their security solutions with small investments over the years that now provide overlapping features and do not always integrate or provide a clear view of one’s security posture. By stripping back and consolidating security solutions, SMEs can reduce spend, remove complexity and better manage how to take advantage of the resources provided under the Cyber Security Strategy.
While the Strategy is a great step in supporting SMEs, it can only be successful if backed by security awareness training and if accompanied by effective planning. SMEs must imbed a security culture within their organisations and encourage best practices of the government’s proposed initiatives. By analysing and consolidating their current security set-ups, the responsibility becomes far less burdensome.
Matthew Lowe, Area Vice President ANZ, Ivanti
