Australia’s small business sector is taking steps to protect against the increasing risk of cybercrime with the federal government set to provide $15 million in funding.
At a Council of Small Business Australia forum in Canberra this week, members heard from the Reserve Bank’s cyber security chief Andrew Pade that criminals were shifting their focus to smaller targets.
Just as robbers had switched from banks to service stations and newsagents, Mr Pade said cyber criminals were now targeting smaller operations.
He said the Reserve Bank recorded some attack every four seconds, and 70 per cent of all incoming emails were malicious.
“If we’re seeing that, you’re going to see it too,” he said.
“While it may be scary, this is a new norm. It’s not something that can be solved. It’s like driver awareness, where constant vigilance is required to maintain your security posture.
“Just like you have your car serviced yearly, that’s what small businesses need to do with cyber security.”
Mr Pade said everyone had to remain vigilant.
“You can’t stop it, but you can become more resilient, where we can just swat away those particular attacks, and it doesn’t impact our business,” he said.
“The difference between being resilient and not being resilient is understanding what’s important to you.
“It’s like how you protect your home. You don’t keep your jewellery box near the front door.
While it may be scary, this is a new norm.
Reserve Bank cyber security chief Andrew Pade.
“You understand what’s important to you as a business. It might be your contact list or pricing; then you put layers of protection around your crown jewels.”
COSBOA chairman Paul Nielsen said one in five small businesses experienced a cyber extortion attack last year, and experts expected this to increase.
“It’s real, and it’s not a matter of if but when,” he said.
“No silver bullet can guarantee to eliminate the problem.”
Mr Nielsen said COSBOA had adopted a “three pillars” approach that involved education and training, prevention and inoculation, and disaster recovery.
The forum heard a new government-funded program would launch later this year or early 2018 to help small businesses identify cyber security risks and implement protection.
The Council of Registered Ethical Security Testers [CREST] was founded as a not-for-profit company with a one-off Attorney General’s Department grant.
The organisation will provide assessment, accreditation, certification, education and training in cyber security.
Chief executive Greg Rudd said a new “penetration test” service would be offered.
Mr Rudd said the federal government had committed $15 million to the program for grants of up to $2100 per small business.
“We’re also looking at developing an automated online test that’s free of charge or a small cost to a small business that can be used regularly,” he said.
“Through that process, if you strike a problem, you might have to spend more and get people in, depending on the issue.”
A communique issued at the end of the forum identified cybercrime as a key risk facing small businesses, power outages, communications failures, and natural disasters.
COSBOA resolved to work with government agencies to promote small businesses’ understanding of threats and build capacity to minimise disruption.
Chief executive Peter Strong said the forum had aimed to increase awareness and develop strategies quickly to combat the risk.
“As a business community, we need to be on top of this and cultural change is required,” he said.
“Twenty years ago, most businesses didn’t have burglar alarms, and now if you haven’t gone one, it’s weird.
“That’s the culture we want with cyber security. We want people to have protection, to train their staff members and have insurance.”
Minister Assisting the Prime Minister for Cyber Security Dan Tehan said the government was committed to improving cyber security for small business.
“The majority of Australians affected by the recent ‘WannaCry’ ransomware attack were small businesses, which should be a wake-up call about the importance of cyber security to small business,” he said.
Mr Tehan said the government’s $230 million cyber security strategy included co-funding for matched grants up to $2100 for small business operators to have their cyber security tested by a CREST-approved provider.
He said the program was expected to open for applications late in the 2017-18 financial year.
On – 26 May, 2017 By Michael Gorey
If this post raised some questions feel free to ask me a question.