Podcast
Crayon Cyber Chat: The Journey to Cyber Resilience
Cybersecurity experts from Crayon, SMX and Red Sift cover the realities of the complex threat landscape and how partners can respond.
Ransomware attacks can destroy small and medium businesses (SMBs). So real is the threat, new legislation under consideration by the Australian federal government presents possible penalties for making payments.
There is increasing concern amongst policymakers that paying off ransomware attackers encourages ever bolder and more daring criminal behaviour. Recent media reports outline the Australian federal government is reviewing existing regulations as part of its “Ransomware Action Plan’.
New rules would introduce a ‘zero tolerance’ position on ransomware, making it mandatory for all companies with turnover of more than $10 million per annum to report ransomware attacks and disclose any associated payments made.
There is continued debate about the impact and efficacy of the proposed changes, but it is a clear signal the government intends to act. We encourage our partners to keep a close eye on this issue and raise awareness with their customers that ransomware attacks on small businesses are on the rise.
Let’s be honest, many SMB owners wrestle with prioritising cyber security. They’re focused on building their business, adding new clients, managing cash flow and keeping the lights on in their operation.
Time and resource are scarce and stretched across a myriad equal and competing business needs, such as customer service, sales, products, marketing. The focus is on activities and investments that grow the business, not so much the stuff that could derail it, like ransomware attacks.
One of the challenges for SMBs in accepting ransomware as a risk is the terminology sounds like something out of a spy movie – more like fiction than fact. There is also a common misconception that cybercriminals only target big business, as these stories are the ones that tend to make headlines.
In reality ransomware is a direct threat to SMBs in Australia and New Zealand, which are both in the top ten of nations targeted by this type of attack. Corewave also reports the average downtime caused by ransomware attacks due to recovery of data and restoring networks is 16.2 days – which would be devastating for most small businesses.
Ransomware statistics can be scary, but they don’t reveal the horror nor human suffering behind the numbers. The harsh reality is ransomware can send businesses to the wall, and more businesses are at an increased risk of this kind of attack than ever.
The good news is SMBs can minimise risk by adopting the Essential Eight cybersecurity framework. Devised by the Australian Cyber Security Centre (ACSC), adherence to the recommended controls in the framework massively reduces SMB exposure to ransomware attacks as well as other cybersecurity threats.
For SMBs at the start of their cyber security journey, the Essential Eight removes a lot of concern and complexity because ACSC cyber security experts have done most of the thinking and planning required to get cybersecurity measures right. They’ve identified the major threats and listed actions to mitigate them. It’s a joined-up cyber security action plan. For cost-conscious SMBs, the good news is the Essential Eight is free expert consultancy.
The following two mitigations from the Essential Eight provide an example of effective risk management that will give all SMBs a better chance of combating cybercriminals.
This mitigation action calls for regular data and systems backups (at least daily). Many online businesses need more frequent backups so they can restore systems and data to a very recent position. SMBs should implement a backup frequency that suits their specific conditions.
This mitigation also recommends regular testing of the recovery process. Testing proves that the backup solution works, and that data can be restored in the event of a ransomware or other attack.
The ACSC says: “Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information.”
MFA requires users (whether inside or outside the organisation) to provide two or more types of authentication (e.g. username and password, plus a finger or eye scan, or a PIN texted to their phone). MFA makes it much harder for hackers to get access to a system through stolen login credentials.
The Essential Eight is the outcome of some serious thinking by highly talented ACSC cyber security experts and provides a practical and realistic starting point for many SMBs to prevent ransomware and other attacks. The fact that it’s also free just makes it even more compelling.
For our partners, Crayon offers a service that can help you to assess the state of your customers Essential Eight maturity levels. It is a practical and effective way to identify where they have existing risk and get an actionable roadmap in place that will improve their cybersecurity posture.
Whether you have an existing security practice or need new ways to respond to your customers increased security needs, our Security Assessment services have you covered.
Learn More about how we can help.
Podcast
Cybersecurity experts from Crayon, SMX and Red Sift cover the realities of the complex threat landscape and how partners can respond.
Company Announcements
Blogs
Insights on the direction of SMB cloud adoptions across the region, and the capabilities they most value in their technology service providers.
Training
How to ensure your Microsoft Partner Network (MPN) details are registered correctly against your customer’s cloud environments.
Webinars Series
Webinars Series
Case Studies
Press Release
Company Announcements
Press Release
Empowering Partners, MSPs and ISVs with best-in-class protective DNS security solutions
Blogs
Blogs
Top 5 most common problems low-code solves for SMBs, what the low-code revenue growth potential for MSPs is, and why now is the time for MSPs to enter the low-code market.
Our latest Cloud Horizons eBook looks at a robust review of cloud tech's past, present, and future, value generation insights, and pathways to cloud profit for MSP’s.
Our APAC channel business is now part of a global organisation. That means there is a whole new world of value on offer for our partners. We can help you to tap into all of it.