Every 10 minutes, a business in Australia is hit by a cyber attack — and you could be next.
This is a staggering statistic brought to us by the Australian Cyber Security Centre (ACSC) 2023 Small Business Survey Report — a must-read resource for any small business owner. What’s more alarming is that about 43% of these attacks specifically target small-to-medium businesses (SMBs).
In this article, 1300 InTech will provide insights into the implications of these attacks and outline immediate measures you can implement to protect your business. Hopefully, our guide helps you assess how prepared your SMB is — should you face the latest cyber attack.
How cyber attacks affect small businesses
No business is entirely safe from a cyber attack. However, SMBs are especially at risk as they are often less prepared to defend themselves when targeted. Here are some key statistics from the ACSC Report:
- 48% of SMBs spend less than $500 annually on cybersecurity measures.
- 97% of SMBs have fewer than 20 staff, meaning little to no dedicated IT personnel on board.
- 97% of sole traders (businesses with only one employee, the owner) adopt a DIY approach to managing cybersecurity, which is often unadvisable given the complexity of combating cyber attacks.
All in all, these factors leave SMBs poorly equipped to handle the growing threat of cyber attacks.
Financial and operational impact
As discussed in our previous blog, the latest cyber attack can indefinitely cripple an unsuspecting SMB, as they lack the capability to recover from the damages (when compared to larger enterprises) caused by such an attack and still remain afloat.
This is because SMBs often operate with limited resources and time from the start, which leads to minimal investment in cybersecurity measures. This leaves them more vulnerable to threats.
Cyber attacks can also trigger a domino effect due to lost revenue, IT recovery costs, network remediation expenses, the cost of paying the ransom (if they choose to do so), increased insurance premiums, and reputational damage.
Interestingly, the ACSC discovered that many SMBs underestimate the challenges of recovering from a cyber attack, with most claiming they could bounce back “immediately” or “within a few days” of an incident, regardless of prior experience.
In reality, however, most businesses only achieve partial recovery, leaving them vulnerable to long-term operational and financial setbacks.
The costs can escalate further if sensitive information is stolen during the attack, potentially resulting in fines or legal action from affected parties. This can tarnish your reputation and strain customer relations.
How it affects your customers
Although cyber attacks mainly target businesses, some of that damage spills over to their customers.
In other words, the impact of a cyber attack doesn’t just stop at financial losses. They can also severely harm your company's reputation. Your customers could lose faith in your ability to protect their personal information and may choose a competitor who could better protect their data.
However, do we have solid evidence that customers are actually concerned about this issue? According to the Consumer Policy Research Centre, they are. Findings show that 7 out of 10 Australians feel they have little to no control over how companies handle their personal data.
A cyber attack could amplify this unease and may undermine customer trust in your business, which then leads to further scepticism and ultimately, hesitancy to engage with your products or services.
In October 2022, hackers targeted the company, compromising the medical records of millions of its (former and by then current) customers and threatening to release sensitive information on the dark web — putting millions of people at risk of exploitation and fraud.
In response, companies and government agencies were overwhelmed with people rushing to secure their personal information. Many of its customers harboured a wide range of negative impacts — from inconvenience to heightened anxiety about their personal data being stolen.
Why it's hard to implement good cybersecurity measures
The results of the survey highlight the pressing need for SMBs to assess their cyber security understanding accurately. However, what are the barriers preventing better implementation of cyber security practices, and how can SMB owners address them?
Here are some key challenges found by the ACSC:
- Most SMBs don’t have dedicated IT staff, forcing cyber security to compete with other business priorities for attention and resources.
- Limited budgets can restrict SMBs from hiring cyber security experts or investing in robust protection, leaving them more vulnerable to attacks.
- The field of cyber security is complex and ever-evolving. Rapid advancements in technology and sophisticated cybercriminal tactics make it challenging for SMB owners to keep up. Additionally, technical jargon in guidance materials may hinder comprehension, leaving owners unsure of where to start.
- SMB owners often underestimate how risky and damaging cyber incidents can be, including how long it might take to recover. This can make them overconfident or unaware of their security weaknesses, leaving them more vulnerable to attacks.
- Additionally, many SMB owners and employees lack proper planning or reactive training to identify and address cyber threats effectively. For instance, the ACSC found that 1 in 5 business owners are unfamiliar with basic terms like "phishing," underscoring the need for awareness and education.
What you can do to mitigate attacks
To overcome these barriers, SMBs need clear and actionable instructions to effectively mitigate the risk of cyber attacks. This need prompted the ACSC to form the Essential Eight — a set of guidelines designed to make it significantly harder for cybercriminals to compromise systems and reduce the impact of successful attacks.
- Update outdated applications
- Update operating systems
- Implement multifactor authentication
- Restrict administrative privileges
- Control and regulate applications
- Restrict Microsoft office macros when not in use
- User application hardening
- Regularly back up valuable data to a secure storage point
Note: No mitigation strategy can offer complete protection against the latest cyber attack — while it cannot eliminate risks entirely, it significantly reduces the likelihood and its impact.
The Essential Eight is, however, still one of the most effective and easy-to-digest baselines for establishing strong cyber resilience for SMBs. It includes measures like restricting administrative privileges, patching applications, and enabling multi-factor authentication.
However, implementing rock-solid backups, like Magic Backups® would be at the very top of our list. Recovering mission-critical PCs quickly after a cyber incident will significantly reduce the impact of costly cyberattacks like Ransomware.
Additionally, insights from IT experts (like 1300 Intech) can bridge knowledge gaps and provide guidance on properly implementing these measures. Our team regularly shares such insights on our monthly Digest, and if you're interested in more articles about IT in Small Businesses, we’d be glad to have you on board!
Alternatively, you can always contact us for technical inquiries, and our Help Desk will be happy to help you out.
