According to recent reports, 60% of small businesses in Australia do not survive cyber breaches. This poses a significant challenge for overworked IT professionals in small businesses who have limited budgets to combat the growing wave of cyber crime.
A study by ASIC revealed that small organizations in Australia lag behind in critical areas of cyber security compared to medium and large organizations. To address these concerns, the Australian government has announced a AU $20 million package to support small businesses, including initiatives like a voluntary cyber “health check” program and a Small Business Cyber Resilience Service.
However, small businesses need to prioritize resilience against cyber threats even more and take proactive steps to protect themselves. The ASIC data highlights several weaknesses in small businesses’ cyber security practices, such as not following cybersecurity standards, lack of risk assessments, limited use of multi-factor authentication, failure to patch applications and conduct vulnerability scans, and absence of backups.
The cost of cyber crime has also increased, with small businesses facing average losses of $46,000. For a substantial number of small businesses, a breach can have severe consequences, often leading to closure. Therefore, cyber security poses an existential threat to these businesses, affecting their reputation, customer base, and growth potential.
Small businesses face a critical challenge in protecting themselves due to limited resources. Often, they have small IT teams or a single IT professional responsible for various tasks, including IT security. Additionally, around 48% of Australian small businesses spend less than $500 per year on cyber security.
To address these limitations, small businesses should start with implementing the Essential Eight best practice recommendations provided by the ASD and Australian Cyber Security Centre. These include measures such as creating whitelists, regularly updating systems, disabling macros, securing web browsers, restricting administrative privileges, enabling automatic updates, using strong passwords and multi-factor authentication, and conducting daily backups.
In addition to implementing these measures, it is crucial for small businesses to have a crisis management plan in place to handle breaches effectively. This plan will help mitigate the cost and damage caused by a breach and increase the chances of recovery.