Australian small businesses under cyberattack: Some help is coming

Small businesses form a large part of the economy, but individually struggle with the skills, tools, and capabilities to fend off a growing surge of cybersecurity risks.

The New South Wales Labor Party—a relatively small operation that supports more than 13,500 members—is said to have just days before ransomware extortionists publish a trove of confidential data, including passports, driver’s licences, and employment contracts.

That hack is just another data point in a surging attack climate that is, recent FireEye Mandiant figures suggest, increasingly focused on retail and hospitality businesses.

Even as the NSW Labor Party works to avert compromise at the hands of a Russian ransomware group, other Australian small and medium enterprises are gaining access to a range of new cybersecurity support resources through new Australian government initiatives targeting the chronic vulnerability gap that has kept small businesses struggling to keep up with changing cybersecurity threats—and posing significant supply-chain risks as a result.

Government funding for small-business cybersecurity programs

Some $6.9 million in funding, announced under the Cyber Security Business Connect and Protect Program, will be split among 14 successful applicants—who have launched small-business-focused programs ranging from IT Connexion’s Cyber Security Awareness Training and Loyal IT Solutions’ Cyber Secure Central Coast! to CyberCX’s Cyber123 for SME and Real World Technology Solutions’ Cyber Security Resilience within SMB, Charity & Indigenous Businesses endeavour.

Linked with the government’s Cyber Security Strategy 2020, the programs are expected to deliver significant new training and incident-response capabilities for small businesses—which “make up 99% of all Australian businesses and employ about half our workforce, so it is essential to our economy and national security that [small businesses] continue to expand and improve their digital capabilities in a secure way”, said Minister for Industry, Science and Technology Christian Porter in announcing the 14 recipients.

Purpose-built facilities will provide more points of contact and training for small businesses—with Western Sydney University receiving nearly $750,000 to establish a Parramatta-based Cybersecurity Aid Centre that will train and support small businesses in cybersecurity incident response.

The Cybersecurity Aid Centre will include a free incident-response support hotline for small businesses and will—along with Western Sydney University students and commercial partners Emergence, Gridware, DCEncompass, and Secolve—also see the delivery of cybersecurity training across New South Wales.

Ready availability to cybersecurity support will be crucial as Western Sydney taps a vein of regional infrastructure development across the evolving Western Sydney Aerotropolis—which will, by design, create a hotbed of innovation that is likely to be an even more appealing target for cybercriminals.

“Businesses need a resource centre that will help them when a cybersecurity crisis arises,” said Alana Maurushat, a professor of computer, data, and mathematical Sciences at Western Sydney University School, as the new facility was announced, “as well as to help build resilience and awareness around cybercrime and the kinds of behaviours, technologies, and change-management practices they need to adopt to protect themselves.”

Small businesses stepping up but risks continue to increase

Pressured by the pandemic-fuelled tide of digital-transformation efforts over the last year, adopting suitable security protections may well have fallen off the priority list of many survival-minded small businesses.

But as economic growth stabilises and business-resilience efforts redouble this year—and Australian security and risk management spending recovers, according to Gartner projections, by 8% this year overall and 33.8% for cloud security alone—growing access to cybersecurity resources will help small businesses comprehend, if not execute, major shifts in cybersecurity practice.

Fully 67% of ANZ respondents in Gartner’s recent 2021 CIO Agenda Survey said they would increase investment in cybersecurity and information security this year, following on from a reported 54% who increased their investment in digital innovation over the course of the pandemic.

A recent Accenture-Chubb survey of 1,350 business leaders highlighted the four key trends driving this change: navigating digital customer demands, harnessing the power of data, supporting a transformed workforce, and playing in the global market.

“Small and medium businesses may be less able to absorb the costs associated with a cyber incident,” the Accenture-Chubb report noted, warning that growing use of internet of things (IoT) and data-driven processes would drive a surge in “the risk of information disruption with potentially disastrous consequences … for those businesses that do not have adequate safeguards in place.”

Those risks don’t only affect the small businesses themselves: With evolving supply chains rapidly delegating many key business functions to outside firms, the implications of a cybersecurity breach these days are extensive and potentially disastrous. A breach of breakdown of a third-party site or function can effectively shut down a business,” the Accenture-Chubb report noted, warning that “partners may also be derelict in keeping up to date on regulations. … It’s crucial that business owners and risk managers understand their third-party exposures.”

Copyright © 2021 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)