SMBs at highest risk, warns top cyber sentinel


The fact the attackers targeted large corporates does not mean smaller or mid-sized businesses aren’t on the radar of cyber criminals, he says. SMBs are currently facing challenges similar to those faced by larger enterprises five to six years ago.

Steve Manley, regional vice president ANZ, Palo Alto Networks.

“Like most criminals, cyber attackers go where the money is,” Manley says. “Australian businesses are lucrative targets for cyber criminals, and sometimes the fact that SMBs are less well-protected than corporates means they become very attractive to hackers.”

“In fact, a cybercrime is reported by a small business every 10 minutes to the Australian Cyber Security Centre (ACSC).”

The expansion of hybrid work during the pandemic drove many organisations to expand their use of cloud by more than 25 per cent globally. In Australia, 89 per cent of businesses expanded their use of cloud by more than 30 per cent in a 12-month period.

As a result, the modern business landscape – with its reliance on hybrid work models, a proliferation of cloud-based applications and the introduction of the Internet of Things (IoT) – presents new complexities and vulnerabilities.

As Australian SMBs become more innovative in areas like ecommerce and social media marketing, they can find themselves collecting more data, which also makes them a more attractive target.

Australia continues to be the number one target for ransomware in the region, with 14 per cent of observed leaks in 2022. The primary entry vector of ransomware infections is URL or web browsing, followed by PDFs.

Despite the growing threat to organisations of all sizes, 76 per cent of organisations don’t enforce the protection of multi-factor authentication (MFA) for console users. Meanwhile, 58 per cent don’t enforce MFA for root/admin users and 57 per cent don’t even enforce the inclusion of symbols in passwords.

Frank Arena, CEO and managing director of Cube Networks.

Frank Arena, CEO and managing director of Cube Networks.

Business leaders should reflect on the lessons learned from recent high profile breaches and take steps to prevent the same happening to them, Manley says.

“Overall, we’ve seen significant progress in Australia as businesses continue to prioritise their cyber security posture and the government updates legislation to ensure it remains fit for purpose in the current cyber threat landscape,” he says.

“With the government having launched its new cyber security strategy, we have the opportunity to build on established cyber security best practices and promote the adoption of state-of-the-art capabilities that will strengthen Australia’s cyber resilience.”

To find out more, please click here