The internet has turned into a challenge for small to midsize businesses based in Australia. In addition to the difficulty of implementing innovative technology quickly and with limited resources because of the rate of invention, they also face the same cyberthreats that affect other organizations. Then, as 60% of SMBs close following a breach, companies that are breached are likely to fail later.

This has raised concerns of the regulators. 

According to a recent report by ASIC, ‘medium to large’ business firms are recently been reporting severe cyber security capabilities in comparison to other organizations, including supply chain risk management, data security, and consequence management.

In response to the aforementioned threats, the Australian government has announced an AU $20 million package to boost small businesses. An optional cyber "health check" program is being established as part of this to assist small business owners in assessing the maturity of their cyber security. A Small Business Cyber Resilience Service, which will offer a one-on-one service to assist small firms in recovering from a cyber assault, will also receive $11 million of the package. 

This initiative will focus on areas where SMBs are the most vulnerable. However, small firms will also need to take it upon themselves to place a lot greater emphasis on resilience than they have been doing in the face of growing cyber threats. 

The Risk in Numbers 

The ASIC research analysis found that small businesses are only slightly more effective than half of their medium and big counterparts in several areas, such as identifying threats and overcoming them.

The significant percentages of small businesses are as follows:

• Do not follow or benchmark against any cyber security standard (34%).
• Do not perform risk assessments of third parties and vendors (44%).
• Have no or limited capability in using multi-factor authentication (33%)./ Do not patch applications (41%).
• Do not perform vulnerability scans (45%). Do not have backups in place (30%).

The Cost to Small Business

The Annual Cyber Threat Report 2022-23 published by the Australian Signals Directorate reveals that the average cost of cybercrime has increased by 14% over the past year. Small firms paid $46,000, medium-sized organizations paid $97,200, and bigger enterprises paid $71,600.

Of course, that is a financial burden for any business, but it seems to be especially harmful for SMBs. Approximately 60% of small firms that experience a breach ultimately go out of business as a direct result of it.

These organizations face a real existential threat from cyber security. Even those who manage to escape the breach's direct costs still have to deal with the harm to their reputation, which can cost them partners and customers as well as short-term cash flow. In the best-case scenario, a cyberattack "just" prevents the small business from expanding and growing.

What can Small Businesses do? 

After identifying the restrictions on resources available to small businesses, the ASD and Australian Cyber Security Centre have designed the Essential Eight, a set of best practices for security and small enterprises. These are as follows:

• Creating, implementing and managing a whitelist of approved applications. 
• Implementing a process to regularly update and patch systems, software and applications.
• Disabling macros in Microsoft Office applications unless specifically required, and training employees not to deploy macros in unsolicited email attachments or documents. 
• Securing the configuration of web browsers to prevent harmful content, hence hardening user applications. Keeping browser extensions up to date and only using those that are required.
• Restricting administrative privileges to those who need them. 
• Configuring operating system patching through automatic updates.
• Using strong, unique passwords and enabling multi-factor authentication. 
• Isolating backups from the network and performing daily backups of important data.