Why SMEs need a dedicated Cyber Security czar

IT security, online security, cyber security czar, cyberinsurance, cyber resilience

For SMEs, cyber crime is a challenging battle. All organisations face increasing threats, which have escalated further since the COVID-19 pandemic. Phishing attacks have soared, and emerging threats such as email account compromise (EAC) are also rising, targeting companies with weaknesses in email security. Smaller companies are a growing target for international criminals, yet have far more limited knowledge and resources when it comes to defending themselves.

The federal government’s recent announcement of the Cyber Security Strategy 2020 is a welcome step in the right direction. As well as providing assistance to SMEs to increase their cyber security awareness and capabilities with security tools and products, it also includes a dedicated online cyber security training program. Generally it references smaller businesses significantly more than previous strategies have done.

There are further measures that could be taken to support smaller businesses, which represent a critical part of Australia’s economy. A third of the nation’s workforce works for small businesses, which contribute over a third of IVA (Industry Value Added) to GDP. Small businesses are an extremely valuable sector, but also one that is particularly vulnerable to cyber crime.

Research by the Australian Cyber Security Centre found that a large proportion of Australian SMEs have inadequate cyber security practices and don’t fully understand the underlying threats and vulnerabilities. That is not surprising: 97 per cent of Australian businesses have fewer than 20 staff and are therefore unlikely to have security specialists in their IT departments, if they even have full-time IT staff. Almost half of SMEs spent less than $500 a year on protecting themselves, rated their cyber security understanding as “average” or “below average”, and had poor cyber security practices. One in five businesses did not even know the term “phishing”.

Here are three measures from which SMEs would gain:

  1. SMEs need a dedicated SME Ambassador
    Small businesses do not have the capability in security that larger organisations have. Having a dedicated SME cyber ambassador at a federal level would be ideal. Small businesses need someone visible to advocate for them, and lead programs and research into how we deal with escalating cyber threats.
  2. Create a dedicated SME hotline
    A one-size-fits-all helpdesk isn’t ideal for cyber crime. While there is overlap, the challenges of cyber security and cyber attacks differ between larger and smaller organisations. Cyber threats can be uniquely challenging for small businesses, where few security tools have been deployed and data is less likely to have been backed up properly.
  3. Make cyber training and tools tax-deductible
    If key cyber security products and services for SMEs were made tax-deductible, security would become easier and more accessible for many smaller businesses.

Ultimately, what’s needed is to build security capability in the small business sector in areas where it hasn’t effectively existed before. As small businesses increasingly become digital businesses, their attack surface, and thus their exposure, is growing. Their cyber security defences need to grow accordingly. Currently, that’s not happening.

The pandemic has driven many small businesses to breaking point, and a ransomware attack or data breach and reputational fallout could drive many permanently out of business. Government, businesses and the security industry need to join forces to protect the small powerhouses of Australia’s economy and digital future.

Mick Esber, Head of Technology, Wontok