You have to wonder ‘why would a sophisticated cyber expert pick my small business as a target?’
The average cost of a cyberattack and data breach in Australia in 2020 was $3.35m. So, does that mean the hacker won’t target a small business that doesn’t have the volume of information and cash of a big business?
Fact 1: SMEs are a cyber target
In 2000, 96% of data breaches affected less than 5,000 individuals, 71% under 100 people. A 2022 report by Pitcher Partners revealed more than 25% of mid-sized businesses had experienced text message phishing, ransomware, or a full cyberattack. Pitcher’s believed the number was quite higher, many attacks go unnoticed or are not reported.
Data breaches and cyberattacks actually hit SMEs more often than bigger businesses, simply because they are more vulnerable.
Fact 2: All cybercriminals are not sophisticated
Attackers want money, as well as data and connections. They are opportunists, often taking advantage of a security gap or exploiting a vulnerability from a business running old or unpatched software.
Fact 3: Potentially, everyone is valuable enough to hack
Sometimes, a hacker gains information from smaller or more easily accessible organisations about systems and networks, and uses this as preparation for more lucrative opportunities.
Assume you supply a big manufacturer. The hacker looks at systems, relationships, and personnel. Assuming you are the weak link the hacker used for access to the manufacturer, will the customer want to continue with you?
Simple Steps for Defence
The focus must be on what your business can control.
Which are your most critical data assets, and how could they be protected? Trying to cover all databases to the same extent may be overwhelming and a waste of resources.
Know when a breach has occurred. Without this, it is not possible to know what has been compromised.
Have a detailed action plan in place if a breach does occur. It has to be comprehensive because the attacks and responses will vary, and there are also regulatory obligations and notification requirements.
Have a connection with a good IT firm, for maintenance, backup, recovery, and support.
Obtain cyber insurance, your business has the responsibility for losses caused and this can continue on for many months after a breach.
Work through “Exercise in a Box”, at the Australian Cyber Security Centre (the Signals Directorate). This guides businesses through security exercises, covering everything needed to plan, set up, and implement security.
If you don’t have IT support, or an experienced Insurance agent, please ask us for a referral to a capable and experienced advisor. Not having the support and the insurance could be a costly mistake.