Just 20 percent of Australian small businesses feel that they have strong protection from potential harm from cybersecurity intrusions, new figures have suggested as cybercriminals buy themselves ransomware for Christmas and vendors step up their efforts to bolster protections in the sector.
Fully 56 percent of small businesses surveyed in Allianz Global Assistance (AGA) research said they were not adequately protected from the impact of cybercrime – putting it third, behind economic factors and cash flow, on a list of the biggest business risks facing small businesses.
The figures suggest that small businesses remain dangerously exposed in a climate of increasingly severe attacks that continue to compromise even sophisticated, well-funded organisations like Uber, the Australian Broadcasting Corporation.
With cybercriminals snapping up increasingly inexpensive ransomware-as-a-service capabilities in large numbers, email security firm Mailguard recently noted, “pretty much anyone with an internet connection, a few dollars and a conveniently sub-par conscience can get into the ransomware racket.” This poses a particular threat for small businesses, where reports of ransomware are common and some measures suggest that 1 in 5 Australian small businesses has closed after devastation from a ransomware attack.
Analysts have blamed everything from “ridiculous” privileged-account practices to inadequate data-encryption policies, but businesses are also being compromised due to continued exposure to harmful phishing attacks, hasty adoption of insecure Internet of Things (IoT) devices, and inadequate security skills.
“Vendors and security organisations have brought to market a lot of fantastic things that can help, but businesses all too often don’t realise the need to embracing those,” Check Point Software Technologies APAC chief strategist Tony Jarvis told CSO Australia. “That’s the biggest gap: the gap is not ‘what can we do?’; it is awareness of ‘what should we be doing and how?’.”
Seeking to address these deficiencies as Black Friday and Cyber Monday events presage a holiday period of escalated cybersecurity risk, AGA became the second insurer – after specialist insurer Cyber Plus – to offer a bundle of cybersecurity-related services and support to small businesses.
The company’s Cyber Assist bundle – which combines 24x7 support services provided over the phone or through a network of mobile technicians – follows on the heels of Allianz’s Cyber Protect insurance, launched in 2014 with up to $50m in protection against cybercrime and data loss. In recent years Allianz has also partnered with US-based Cyence to strengthen its global cyber-risk analysis capabilities.
AGA Cyber Assist is positioned as a second-line defence for when existing security measures are bypassed, but other companies have been focusing on strengthening that first-line defence as well. Cylance, for one, recently released a consumer-focused, AI-based security suite that it will push down to consumers through the enterprises they work for. Malwarebytes this month launched a Managed Service Provider partner program designed to facilitate the delivery of security services to businesses of all sizes. And Adelaide-based OpSys recently released an as-a-service offering designed to give small companies access to FireEye’s enterprise-grade Helix security-monitoring platform.
“Nobody will promise you that you can prevent 100 percent of breaches,” Jarvis said, “but we are getting much better in terms of how many we can prevent from getting through. This will make the response side of things much, much less – and hopefully reduce the amount of work involved.”