As modern workplaces decentralise and move to hybrid models, it has become more important to tighten security gaps and reduce the opportunities for cybercriminals to exploit and extort Australian businesses. Partners that know how to leverage the advanced security features in their customers productivity platforms and applications have a growing opportunity to respond.
How Real is the Problem?
With so much data flooding the market on cybersecurity issues, it is easy to become hardened or cynical about how much is hype, designed to drive vendor sales agendas.
Real Big and Getting Bigger
The Australian Cyber Security Centre (ACSC) received some 76,000 reports of cybercrime in the 2022 financial year. That is an average of 208 cybercrimes committed every day, but the real number of cybercrimes is probably much higher. Leading Australian cybersecurity expert, Nigel Phair estimates that only one-fifth of online crime against businesses is detected and reported, meaning an estimated 300,000 actually took place in 2022. That is a real and significant problem for a country of just over $2.5 million registered businesses.
Cybercrime reports to ACSC 2020-2022
Image source: https://www.statista.com/statistics/1343645/australia-number-of-cybercrimes-reports-acsc/
Employee vulnerability is real
Small to medium sized businesses (SMBs) are highly vulnerable to cybercrime. Less security technology and in-house technical skills contribute to this, but the ‘people factor’ creates the biggest weak spot. Exploiting a lack of cybersecurity awareness amongst SMB employees is how most cybercriminals succeed.
Cybercriminals are very adept at creating emails, websites, and links that appear genuine but will trick people into making mistakes. ACSC found that 83% of reported cybercrime in the 2020/2021 financial year could be partly or entirely attributed to users. The majority involved people downloading and deploying malicious software on their systems after being targeted with these tactics.
Training can mitigate the people factor over time. SMBs clearly need immediate countermeasures to ensure continuous productivity, even in the event of a cyberattack. Engaging external expertise is the most effective way to achieve this important aim.
The financial impact is real
Nigel Phair estimates the total cost to the Australian economy to be $43 billion per annum. The ACSC’s Annual Cyber Threat Report 2022 identifies the average cost to SMBs as $63,000 per cybercrime, with businesses of between 20-199 employees sustaining the highest financial losses.
SMBs also face the potential of stiff financial penalties for non-compliance with data breach notification and data privacy protection laws. This means when cybercriminals successfully steal personally identifiable information from a business and use it to extort money, it results in a triple threat; financial loss, losing customers due to data breach notifications and significant fines. Many SMBs would struggle to keep the doors open if hit with one of these, let alone three.
Steering the Customer Conversation
The connection between business productivity and security is not always obvious to SMB customers. Taking your customer conversations gradually through the following three stages can help them make sense of the different security layers they need.
Protect
Cybercriminals leverage the most widely used productivity platforms and applications to fool businesses. Email is a common example. With appropriate protection systems in place for productivity suites, many threats do not make it through to the end-user and can never be activated. Dedicated applications can stop malicious email attachments, viruses, and ransomware from causing issues for businesses and employees.
Limit
Defence mechanisms are needed to limit the risks to your customers business, should a threat make it past the protection layer. Good defence strategies include constant monitoring of systems for potential problems and the ability to isolate and remove malicious files, applications, and code in the event of an attack. Appropriate password usage, email encryption and the inclusion of multifactor authentication will further limit the ability of cybercriminals to break past protections and defences.
Recover
The recovery layer helps your customers lay the foundations for cyber resilience; the ability to bounce back quickly from security incidents and rapidly adapt systems and procedures to reduce the chance of repeat events. This involves being able to identify what was lost, assessing the extent of the damage and utilisation of data storage and backup solutions to help restore anything that was compromised or stolen.
A Critical Consideration for Partners
“In the unlikely event of a sudden loss of cabin pressure, oxygen masks will drop down from the panel above your head. Secure your own mask before helping others.” Sound familiar?
Before you can hit the runway to help your customers, it is imperative to ‘secure your own mask’. As part of the software and service supply chain for your customers, the last thing you’d want is for your business to be identified and exploited as a weak link. However, the potential for this to occur is increasing. The most recent annual cyber threat report from ACSC specifically noted that MSPs, CSPs and IT service providers were actively targeted by cybercriminal networks during 2021 and 2022 because they provide a single-entry point to a range of sectors. Attacks on MSPs/CSPs are undertaken with the aim to ‘breach one, damage many’.
Secure Productivity practice readiness is all about ‘securing your own mask.’ Our cybersecurity technical advisory team is experienced in working with partners on strategies and programs that get your business built for take off.
Ask your rhipe account manager to provide an introduction, and to let you know about relevant incentives and promotions that can benefit your customers and your bottom line.