Australia’s small business sector is taking steps to protect against the increasing risk of cyber crime with the federal government set to provide $15 million in funding.
At a Council of Small Business Australia forum in Canberra this week, members heard from the Reserve Bank’s cyber security chief Andrew Pade that criminals were shifting their focus to smaller targets.
Just as robbers had switched from banks to service stations and newsagents, Mr Pade said cyber criminals were now targeting smaller operations.
He said the Reserve Bank was recording some kind of attack every four seconds and 70 per cent of all incoming email was malicious.
“If we’re seeing that, you’re going to be seeing it too,” he said.
“While it may be scary, this is a new norm. It’s not something that can be solved. It’s a bit like driver awareness where constant vigilance is required to maintain your security posture.
“Just like you have your car serviced every year, that’s what small businesses need to do with cyber security.”
Mr Pade said everyone had to remain vigilant.
“You can’t stop it but you can become more resilient, where we can just swat away those particular attacks and it doesn’t impact our business,” he said.
“The difference between being resilient and not being resilient is understanding what’s important to you.
“It’s like how you protect your home. You don’t keep your jewellery box near the front door.
“While it may be scary, this is a new norm.”Reserve Bank cyber security chief Andrew Pade.
“You understand what’s important to you as a business. It might be your contact list or your pricing, then you put layers of protection around your crown jewels.”
COSBOA chairman Paul Nielsen said one in five small businesses experienced a cyber extortion attack last year and experts expected this to increase.
“It’s real and it’s not a matter of if but when,” he said.”There is no silver bullet that can guarantee to eliminate the problem.”
Mr Nielsen said COSBOA had adopted a “three pillars” approach that involved education and training; prevention and inoculation; and disaster recovery.
The forum heard a new government-funded program would launch later this year or early 2018 to help small business identify cyber security risks and implement protection.
The Council of Registered Ethical Security Testers [CREST] was founded as a not-for-profit company with a one-off grant from the Attorney General’s Department.
The organisation will provide assessment, accreditation, certification, education and training in cyber security.Chief executive Greg Rudd said a new “penetration test” service would be offered.
Mr Rudd said the federal government had committed $15 million to the program for grants of up to $2100 per small business.
“We’re also looking at developing an automated online test that’s free of charge or a small cost to small business that can be used on a regular basis,” he said.
“Through that process if you strike a problem, that’s when you might have to spend more and get people in, depending on the issue.”
A communique issued at the end of the forum identified cyber crime as a key risk facing small business along with power outages, communications failures and natural disasters.
COSBOA resolved to work with government agencies to promote small business understanding of threats and build capacity to minimise disruption.
Chief executive Peter Strong said the aim of the forum had been to increase awareness and develop strategies quickly to combat the risk.
“As a business community we need to be on top of this and cultural change is required,” he said.
“Twenty years ago most businesses didn’t have burglar alarms and now if you haven’t gone one it’s weird.
“That’s the culture we want with cyber security. We want people to have protection, to train their staff members and have insurance.”
Minister Assisting the Prime Minister for Cyber Security Dan Tehan said the government was committed to improving cyber security for small business.
“The majority of Australians affected by the recent ‘WannaCry’ ransomware attack were small businesses, which should be a wake-up call about the importance of cyber security to small business,” he said.
Mr Tehan said the government’s $230 million cyber security strategy included co-funding for matched grants up to $2100 for small business operators to have their cyber security tested by a CREST-approved provider.
He said the program was expected to open for applications late in the 2017-18 financial year.
Extracted from The Sydney Morning Herald