Why Australian SMEs need to shore up their cyber resilience
Cyber attacks against large organisations often make the headlines, but small and medium-sized businesses are also vulnerable to savvy attackers looking to exploit weaknesses in corporate environments. Last year, the Australian Cyber Security Centre (ACSC) reported that the average cyber attack on small businesses costs $39,000 per incident, and a global rise in cybercrime – fuelled by state-sponsored hackers from other nations – means that business security leaders need to reconsider cybersecurity as a business necessity, rather than a technology challenge.
Small and medium-sized businesses often suffer in their overall cybersecurity posture from a lack of resources, financially and technologically. A recent survey conducted earlier this year in Australia and New Zealand found that 23 per cent of IT leaders say their business doesn’t have a single employee dedicated to cybersecurity full-time, with 16 per cent claiming they don’t even have 24/7 security monitoring of any kind. This lack of coordination can lead to small and medium business security leaders or IT professionals getting bogged down by false-alarm alerts or falling behind in defending against the latest malicious attack techniques.
The latest style of attack on small and medium-sized businesses originated from Chinese state-sponsored hackers using a “living off the land” approach, utilising built-in network administration tools to infiltrate their targets. By using routers and other small office hardware, as well as blending in with normal Windows system tools like Powershell, attackers are able to avoid using malware and evade detection by modern security systems while still infiltrating their target.
That means attackers can maintain a presence in their environment for long periods of time without having to reveal themselves by acting, placing virtually all of the data that their target business or institution holds at risk. The hacking group using this technique, called “Volt Typhoon,” poses a grave threat to the security of SMEs throughout Australia and its allies. As the largest contributors to the national economy and comprising 98 per cent of all of Australia’s 2.6 million businesses, these enterprises can’t waste time in ensuring they have total visibility into their environment and business resilience built into their security strategy.
That’s why small and medium-sized business leaders taking the time to introduce proper cybersecurity controls into their environment could make the difference between deflecting attacks and $39,000 disasters. As a baseline, businesses need to ensure that they change the default credentials of any internet-connected device, like a router, to a strong password that is backed by multi-factor authentication. Attackers can scan the internet for devices that may have default or factory-setting passwords still in use, making them easy to infiltrate and eventually access the entire network.
In tandem, businesses can reduce their cyber risk by staying on top of their patching and updates to the software in their environment. After a company releases a security patch to their product, every minute that a business goes without pressing download increases its cyber risk. Similarly, businesses that regularly update the firmware and software of their routers and other devices will place themselves in a better position to detect attacks from organisations like Volt Typhoon.
Defending against nation-state-sponsored cyberattacks is already difficult, and it is encouraging to see the Australian government continuing to take these threats seriously. In response to the concerning trend, the ACSC recently refreshed its Small Business Cyber Security Guide, including guidance around the use of password managers, network security and emergency planning. Additionally, initiatives like last year’s $9.9 billion REDSPICE investment into national cyber capabilities are testament to this commitment. But it will fall on the small and medium-sized businesses themselves to stay vigilant against new attack techniques, especially those with the sophistication and backing of nation-states.
About the author: David Hayes is the ANZ regional director for cyber security operations company, Arctic Wolf. Having worked in the Australian security and DevSecOps space for 20 years, David has extensive technical expertise, business acumen and a deep understanding of the local cybersecurity market.
This story was originally published on Inside Small Business.