There seems to be a constant bombardment of alerts and articles landing in my inbox over the last few months of system breach after system breach, it really does seem like the future is going to be a challenging one for businesses when we are talking about protecting your businesses from this ever-expanding avalanche of attacks.
Many of these breaches or cyber security incidents are being targeted at Australia’s small businesses; this focus makes sense for several reasons firstly according to ABS small businesses make up 97.4% of the total number of businesses in Australia. What do they classify as a small business? Small businesses are defined as 0-19 employees with a count of 2,066,523 small businesses. A further 2.4% are classed as a medium-sized business (20-199 employees) and a final 0.2% classed as large (200+ employees). That gives us overall total businesses of 2,121,235 in Australia at the time of the ABS statistics.
With SMB’s taking up 99.8% of all Australian businesses, it certainly makes sense that they are a target of cyber criminals but let us look at just the small businesses who make up 97.4%, they have a small number of staff, a much smaller revenue stream than enterprise or even medium size organisations and the pressure on their budgets would make it hard for them to consider looking at a really strong cybersecurity program whether this is physical or software based protection or even just user awareness training initiatives to help educate staff.
This would reveal these small businesses as a great target for cybercriminals because protections would be less, they would not have dedicated IT/Security staff to protect their systems and if you really talk to these business owners, they are usually very pressed for time. Cybersecurity is something that they may be aware of but is right at the bottom of the list of their priorities.
Does that mean small business owners do not care about cyber security? No, I do not think it does, I feel that it is just put in the too hard basket and left at the bottom of that list. Why is this so, I feel this is partially time and perceived costs but to be honest I feel it is also our industry sectors fault. Many of the great protection platforms that are utilised by large organisations have a minimum requirement of at least 100 users/endpoints and in some instances 1000 as a minimum user/endpoint count. When small businesses are less than 20 employees that instantly rules them out as possible solutions that they can use to help protect their systems and users.
Davichi the MSP/MSSP I work for in Brisbane is trying to resolve this problem for SMB’s with adapting some of our solutions so that we can offer them to these types businesses but this problem will not be solved by one organisation. We as an industry need to work together at trying to help educate all Australian businesses (not just the big end of town) about how to reduce their risks of a cybersecurity incident and how to better leverage options available to them.
I regularly talk to business owners in this market and it is clear that this massive segment of small Australian businesses are not even considered by most of our industry, due to the idea that it would not be cost effective to offer their platform/services to them. This view is very short-sighted and we really need to come together as an industry in Australia and around the world to find a way to provide businesses of the smaller variety a way to utilise great cybersecurity solutions because I really do not feel that they are leaving themselves poorly protected deliberately.
They only have access to basic antivirus solutions and possibly spam filtering services (even some of these have 50 minimum user requirements) because that is all that we as an industry are making available for them. This just seems crazy to me, why can’t we as an industry figure out how to make this work?
Let's come together and find a way to help protect these hard-working businesses, if we can better protect as many of them as possible it can only help make Australia as a whole more secure. Do not forget that many of our larger organisations use these small businesses as subcontractors and they may have access to your systems. Don’t you feel that it is in our best interest to make them more secure?
I certainly do…