41% of businesses are unsure who can help with cyber security challenges accordingly to a recent Vodafone Cyber Security Research.
The media tend to focus their reports on the biggest hacks of large corporations, such as Equifax. Such example is insightful of the impact that cyber attacks can have on single businesses (e.g. Consumer-data CIO and CSO “retire”, CEO stepped down and the share price stumbles).
What does it mean to a small business?
There are fewer media reports of small businesses targeted cyber attacks. However, it certainly does not mean that smaller businesses are not targeted. Well on the contrary, SMBs are a prime target for cyber criminals.
A business in Queensland, the sunshine state of Australia, was recently reported to lose $1.9M to cyber scam. This is a huge deal for a small company.
The US National Cyber Security Institute provides a good and concise analysis as to why hackers want to attack small businesses.
I have come across multiple cases of small organisations victim of targeted cyberattacks. Some were totally unprepared to deal with incidents. Most of them did not not know what to do. Some knew where to seek help, but others did not. The cases can also be very emotional to deal with. For example, I remember a call with a despaired CFO which eCommerce business was totally stopped for more than 2 days, resulting in a direct and hard revenue loss and a high customer dissatisfaction. Cyber security incidents can kill businesses, including small ones.
Where to find help?
What would Siri and Google suggest?
Siri: “help with cyber security”
Siri pointed me to the Australian Cyber Security Centre (ACSC) (see pic).
Google: “help with cyber security”
Google provided me with 4 ads from cyber security vendors and service providers followed by links to the ACSC as above, other Australian government resources and many other options.
Australian Cyber Security Centre
A small business in seek for help with cyber security would then be referred to the Australian Cyber Security Centre. It is a good starting point to report a cyber security incident (link from landing page) and to get access to good cyber security resources from the Australian government. However, the ACSC does not lead a visitor to a quick resolution path on assessing and improving a business cyber security risk posture.
StaySmartOnline did not come to the top of the search result list for me, but it is my recommendation for small businesses. It provides simple and practical guidance to protect small businesses information, including tips on what to look for with standard security technologies (e.g. anti-virus). It is well written and of good advice. I will also highlight the upcoming Stay Smart Online Week (October 9-13) initiative, which will promote information on simple steps to online safety.
Building & Running Cyber Security
The Australian Government provides good sources of information on cyber security, but building & running effectively cyber security measures requires some knowledge, experience and skilled resources. Small organisations can seek the help of local trusted and reliable cyber security service providers, but it can be challenging to source specialised resources when needed. Cyber security talent is difficult to find, even for large enterprises and the challenge is only greater for small organisations.
The Gig Economy could provide a solution to small businesses. The Gig Economy has been on the rise for several years and offers a mutually beneficial opportunity to freelancers and small organisations, including in cyber security. Bugcrowd is a great example of it for vulnerability assessment services. Considering sourcing cyber security expertise through gigs can be an option for small organisations when trust in the cyber security freelancers can be efficiently managed. Trust is is critical to cyber security services.