Small businesses are not automatically immune from cyber-attacks because of their size, age or sector, according to a new report urging Australian small businesses to be honest about their cyber defences.
New findings from the $23.4 million Cyber Wardens program, from a survey of 2,100 small business participants, show that mature companies are better equipped to deal with cyber threats than their younger peers. This calls into question the traditional assumption that
The report, released Monday, paints a more complex picture, finding that awareness of cybersecurity risks does not always translate into action.
“This research is the first step in understanding what small businesses need to do, what the barriers are and what can be done to support them.” , said Luke Achterstraat, CEO of the Council of Small Business Associations, a leading group of cyber companies. Warden.
False assumptions put small businesses at risk
Rather than assuming that mature SMEs are automatically better equipped to fend off cyber-attacks than younger SMEs, cyber watchdog programs allow SMEs to determine their true capabilities. We propose a five-step system.
Progress through each stage is determined by factors such as how a company uses cybersecurity training, its awareness of external risks, and how often it discusses cybersecurity in the workplace.
The Cyber Wardens team prefers to employ this multi-factor assessment rather than making broad assumptions, especially when learning that a large-scale cybersecurity breach can have counterintuitive consequences for small and medium-sized businesses. is said to be beneficial.
Cyber Wardens research suggests that attacks on companies such as Optus and Medibank have increased public attention to digital crime in Australia and among small and medium-sized businesses.
However, these may have had a counterintuitive impact on small business preparedness.
In particular, some small and medium-sized businesses told cyberwatchers that they were too small to be targeted, and that larger companies were of greater benefit to criminals.
This sentiment can lead to inaction on behalf of well-informed but vulnerable small businesses, the report says.
The survey also found that the majority of small and medium-sized businesses that consider themselves cyber-secure rely on third-party providers to handle their digital security, leading to a passive approach by themselves. Suggests.
“They assume that the sophistication and reliability of the systems that software companies deploy are far beyond what their own small businesses can achieve, so they think it's best to leave it to the software companies. “There are,” the report states.
However, the majority of cyber incidents in Australia are not malware or ransomware attacks targeting software or data systems, but rather crude attacks that target individuals as weak points, such as phishing and bill fraud.
Research that leads to the next stage
This research and the new five-tier ranking system will guide the next phase of the Cyber Wardens system.
It will officially launch at an event in Canberra on Monday, where industry stakeholders will be invited to give their input on how cyber watchdogs will be managed.
The program is currently offering a free 45-minute e-learning module aimed at providing basic cybersecurity knowledge and best practices to small business participants.
Its goal is to train 50,000 small business employees over the next three years, effectively creating a neighborhood watch-style group for cybersecurity.
