Small businesses face “devastating” consequences from breaches every day: expert

Watching one small business after another get destroyed by cybersecurity breaches motivated the creation of a security management portal specifically for small businesses, the head of security consultancy Enex Carbon said as the Melbourne-based firm took the wraps off of its new CarbonCore small-business cybersecurity solution this week.

“We have been involved from a professional-services perspective when these businesses get impacted by cybersecurity,” CEO Mark Jones told an audience that included Victorian minister for small business, innovation and trade Philip Dalidakis and AustCyber CEO Michelle Price.

“It’s devastating to see what happens to a company when they have to shut their doors a few days after a ransomware attack, or when they have lost hundreds of thousands of dollars because someone has infiltrated their network or has fraud going to the CEO. There are countless stories, and we don’t hear probably 98 percent of them.”

Reducing the small-business toll

CarbonCore has been positioned at a flat price and clear deliverables in an effort to assist small businesses whose owners are generally so busy running their companies that they have no time to master cybersecurity policy and practice.

The free Basic tier includes a cyber security policy document, training handbook for staff, and a document outlining how to manage a cybersecurity incident in the event of a compromise – crucial given the reporting requirements placed on nearly every company by the newly enacted Notifiable Data Breaches (NDB) Scheme.

CarbonCore’s Standard package ($190 per month for up to 20 staff) adds an annual security awareness assessment, a website security scan, and security threat and risk assessment; the Premium package ($290 per month for up to 40 staff) adds advice and triage support for cybersecurity incidents, an annual management briefing, and an annual review of the company’s cybersecurity incident response capability.

Such capabilities are all an intrinsic part of any company’s security response, and productising the services helped Enex Carbon keep prices within reach of even the smallest business – while retaining the ability to add new capabilities, at scale, over time.

“It’s not like we’re talking about a company with tens of thousands or millions to spend on security every year,” Jones said. “So we tried to keep it really simple based on our research to focus on the elements businesses need to get security right.”

The company will continually be updating its services and adding new capabilities as it figures out how to deliver them at scale.

Turning real privacy concerns into real collective action

The launch of CarbonCore comes in the midst of a large and intense public discussion about consumer privacy and the role of businesses in preserving it, Dalidakis said while addressing the launch audience.

Small businesses wondering whether cybersecurity is worth the effort, he said, need only look at the continuing uproar over the federal government’s My Health Record (MHR), which has been plagued with concerns about data security and sharing of information with third parties.

“That outcry and concern demonstrates that people do care,” Dalidakis said. “They are awake to the issues of privacy, and they are awake to the concerns about protection of their own personal data.”

Governments, large businesses and small businesses revolve around each other in intrinsically linked ecosystems that cannot function properly without demonstrable confidence in the security of the enabling solutions.

“There is no greater threat to our ability to undertake commerce on an e-commerce platform,” he continued, “than people having a lack of confidence in the very settings and infrastructure they are required to be able to transact through.”

Price agreed, arguing that Australia has an opportunity to be “an exemplar for how other countries can tackle this challenge for their economies as well” and noting the potential export opportunities that come from a solution like CarbonCore.

Early improvements however, will come as small businesses realise both that they can no longer hope to stay safe by languishing in obscurity, and that there are suitable solutions available to help them remain confident in their infrastructure security.

“It’s our job to keep ensuring that as many people as possible understand the issues that they face,” Dalidakis said, “and for us to be able to find solutions. CarbonCore is a great example of a business proving solutions that try to make this as easy as possible for the SME market.”

David Braue attended CarbonCore launch as a guest of CarbonCore.

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies