When it comes to managing cyber risks, owners of Australia’s four million small and medium-sized businesses (SMBs) find themselves caught between a rock and a hard place. On the one hand, they’re eager to protect themselves and their businesses from cyber attacks. On the other, they often lack the knowledge and resources needed to do so effectively.
Eighty percent of the respondents to an Australian Cyber Security Centre (ACSC) Small Business Survey say that cybersecurity is ‘important to very important’. Yet, nearly half rate their cybersecurity knowledge as ‘average’ or ‘below average’ and their cybersecurity practices as ‘poor’. As a result, nearly two-thirds have experienced a security incident, and more than half consider it ‘likely’ or ‘almost certain’ to happen in the future. Chronic budget constraints are one cause. Almost half of the SMBs said they spend less than A$500 annually on cybersecurity.
ONGC Systems has a unique perspective on these challenges. The BlackBerry MSSP partner has been a leading IT solutions provider to Queensland entrepreneurs since 2003.
“Most of our customers are small businesses with slim margins and limited or nonexistent budgets for IT and cyber defense,” says ONGC Director Steve Dawson. “Small business owners tend to prioritize investments that help them increase sales and build market awareness. It’s hard to demonstrate the return on investment from preventing something bad from happening. Most businesses here never even consider security issues until they suffer a breach or become victims of ransomware.”
They do so at their peril. Cybercrime costs individuals and SMBs in Australia an estimated A$328 million annually.
A National Concern
It’s regrettable when an individual SMB shuts down because it’s unable to recover from a serious security incident. If the problems are systemic, however, and the entire sector remains vulnerable to cyber attacks, then Australia may be facing an existential threat to its national security and economic prosperity. Small businesses generate 35% of Australia’s Gross Domestic Product and employ 44% of its workforce. The nation relies on SMBs to help sustain economic stability and fuel growth.
In recent years, the Australian government has tried, with intermittent success, to help SMBs increase their cyber resilience. In July 2019, for example, the ACSC introduced ReportCyber, a successor to the Australian Cybercrime Online Reporting Network. In addition to incident reporting, ReportCyber provides a variety of tools, products, and services to help SMBs protect themselves against the most common cyberattacks. These include a Small Business Cyber Security Guide, as well as opportunities to participate in workshops and training sessions on incident response and various technical topics as members of the ASCS Partnership Program.
As important as they are, government-led initiatives alone cannot instill a security culture that re-shapes SMB business practices or arm SMBs with the cyber defenses they need to navigate an increasingly treacherous threat environment. As always, it will be up to Australia’s private sector and firms like ONGC Systems to educate clients and deliver solutions.