Blogs
Cytrack.io AI-enabled Productivity Solutions from Crayon
Explore how Cytrack.io solutions meet emerging SMB demand for AI-enabled, unified communications platforms.
Ransomware attacks can destroy small and medium businesses (SMBs). The Essential Eight cybersecurity framework helps savvy business owners stop cyber criminals in their tracks
Ransomware poses a huge cybersecurity risk that SMBs need to address. The good news is SMBs can minimise risk by adopting a simple, proven strategy. The Essential Eight cybersecurity framework created by the Australian Cyber Security Centre (ACSC) was built upon strong foundations derived from the globally recognised CIS Control framework. Its purpose is to massively reduce SMB exposure to ransomware attacks as well as other cybersecurity threats.
For SMBs at the start of their cyber security journey, the Essential Eight removes a lot of the planning and complexity because ACSC cyber security experts have done most of the thinking and planning for you. They’ve identified the major threats and listed actions to mitigate them. It’s a joined-up cyber security action plan. For cost-conscious SMBs, the good news is the Essential Eight is free expert consultancy.
Many SMBs neglect to prioritise cyber security
Let’s be honest, many SMB owners who are building their business, adding new clients, managing cash flow and growing their team to support expanded operations don’t see cybersecurity as a high priority. They’re focusing scarce time and resources planning the next marketing campaign or new product that can grow the business. Not so much about the stuff that could derail it – like cybercrime generally and ransomware specifically.
One of the challenges for SMBs in accepting ransomware as a risk is the terminology sounds like something out of a crime novel – more like fiction than fact. The hard facts are that ransomware is all too real, and is a direct threat to SMBs in Australia. SMBs need to face that fact and take action.
Ransomware is real and happening all over Australia
Ransomware is real and happening all over Australia
The ACSC’s annual cyber crime report states the agency received “nearly 500 ransomware cybercrime reports, an increase of nearly 15 per cent from the previous financial year.” Harvard Business Review says ransomware is growing even more quickly: by 150% in 2020 and even faster in 2021.
The ACSC also reports the average downtime caused by ransomware attacks due to recovery of data and restoring networks is 16.2 days – which would be devastating for most businesses.
Ransomware statistics can be scary, but they don’t reveal the horror nor human suffering behind the numbers. Every so often, though, we get a glimpse into the wreckage.
The author of this blog had direct experience of a ransomware victim just recently during an Uber ride. The Uber driver (we’ll call him Joe), explained he doesn’t normally work as an Uber driver. But Joe was forced into a temporary career change when his business was destroyed by cyber attacks – two of them within 3 months. Joe’s successful online business – as a broker between used car vendors and buyers – subsequently went belly up. He and his three staff lost their livelihoods.
The first attack was a ransomware intrusion that encrypted his files including customer, product and financial data. The cyber attacker demanded money to unlock the data. Joe refused to pay, and employed an external specialist who managed to unlock most of the data so Joe could continue his business, albeit with some disruption. A lucky escape!
The second attack was a repeat ransomware attack 3 months later. Joe had done nothing in the meantime to harden his business against cyber attacks. Again, Joe refused to pay, and again employed an external specialist. But this time there was no data left to retrieve – the attacker had deleted it (and probably exfiltrated it to access financial data or customer credit card information). Joe said that at this point he’d have reluctantly paid the ransom ($40K) but he didn’t have cash to do so. Joe’s business was dead.
How can SMBs fight back against ransomware attack?
SMBs like Joe’s can implement security mitigations complying with all eight of the ACSC’s Essential Eight security framework. If Joe had done so, he would almost certainly still be in business today. If he’d even implemented just a couple of measures he’d have substantially reduced his risk. The following two mitigations from the Essential Eight provide an example of effective risk management that would have given Joe’s business a better chance of survival – and the same is true for all SMBs.
Regular backups
This mitigation action calls for regular data and systems backups (at least daily). Many online businesses – like Joe’s – need more frequent backups so they can restore systems and data to a very recent position. SMBs should implement a backup frequency that suits their specific conditions.
This mitigation also recommends regular testing of the recovery process. Testing proves that the backup solution works, and that data can be restored in the event of a ransomware or other attack. If Joe had implemented this he might have had to lose up to a day’s worth (or less) of data – which would have impacted but not destroyed his business.
Subscribe to the High-Performance Strategies series!
Multi-factor authentication(MFA)
The ACSC says: “Multi-factor authentication is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information.”
MFA forces users (whether inside or outside the organisation) to provide two or more types of authentication (e.g. username and password, plus a finger or eye scan, or a PIN texted to their phone). MFA makes it much harder for hackers to get access to a system through stolen login credentials – which is likely how Joe’s attacker gained access to his system and data.
These above actions describe just two of the eight recommended mitigations. When SMBs follow the actions and metrics for each of the eight mitigations, it builds up to a comprehensive, joined-up security strategy that can foil ransomware plotters and keep cyber crime at arms length.
The Essential Eight is the outcome of some serious thinking by highly talented ACSC cyber security experts and provides a practical and realistic starting point for many SMBs to prevent ransomware and other attacks. The fact that it’s also free just makes it even more compelling.
Subscribe to the Cyber security series!
Interested in learning more about the secrets to reduce your exposure to ransomware attacks as well as other cybersecurity threats? Subscribe to our content series today.
Thanks for subscribing to news and update related to Cyber security strategies.
Subscribe to the Cyber security series!
rhipe is a global leader in cloud and technology solutions, providing partners with business advisory and deep domain technical expertise to thrive in the growing cloud market. rhipe is recognised as an expert in subscription software licensing in Asia Pacific. Its multi-award-winning services and support division is the industry leader in Microsoft Office 365 implementation and other global vendor solutions.
Insights
Modern Work 2027
Explore data trends from the Future of Operations and learn how to turn insights into action in the Productivity domain.
Business
Veeam Immutable Backup
Find out why Veeam Immutable Backup is a solution fit for responding to increased demand for optimised security in backup and recovery data.
Insights
Business Continuity 2027
SMB operations in the Asia Pacific region are shifting from traditional backup and disaster recovery toward something more transformative.
Insights
Cloud Strategies 2027
The latest in our Future of Operations insights series looks at why SMBs are pursuing hybrid cloud and multi-cloud strategies to achieve their business objectives.
Training
Harnessing Hybrid Cloud
Explore how Azure can help partners respond to dominant trends within SMB customer cloud strategies.
Business
CSP Price, Margin and Value
CSP price and margin matter, but Microsoft's program updates mean partners must weigh up short-term discounts over strategic alignment.
Insights
Partners of the Future
Rhonda Robati, Executive Vice President of Crayon APAC assesses the factors driving Microsoft's channel strategy and the evolution needed to be a Partner of the Future.
Blogs
Choosing the right Cloud Distributor
Warren Nolan believes Microsoft has invited partners to join them on a new journey to value, and the role of Cloud Distribution providers has never been more critical.
Blogs
Proactive Steps for CSP Program Partners
After decades of experience navigating seismic shifts in vendor strategy, Warren Nolan knows the importance of being pragmatic and proactive in the face of disruption to the Microsoft CSP Program.
Blogs
Microsoft CSP Program Updates
In the first of a three-part series, Warren Nolan, SVP Strategy and Channel explores the recently announced updates to the Microsoft CSP program and the opportunities it presents.
Vendor Announcements
Microsoft’s new CSP requirements
Microsoft's new CSP requirements mean Direct Bill partners should take proactive steps to re-evaluate current models. Crayon can help.
Guides and eBooks
The Microsoft Fabric Partner Guide
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Blogs
Unlock Customer Data Value with Microsoft Fabric
Explore how Crayon gets partners and their customers on the road to data-led innovation and growth.
Guides and eBooks
Microsoft Fabric Adventures
eBook: The world's greatest detective is on his toughest case yet. Find out how human ingenuity combined with unified data analytics unravels a series of wicked riddles!
Training
Exploring Microsoft Fabric: Crayon Cloud Chat
Join in-house experts and Solentive for an exploration of how Microsoft Fabric supports the journey to data-driven business for your customers.
Blogs
Windows 11 Upgrade
With Windows 10 nearing end-of-life, it's time for partners to prepare customers for the transition to Windows 11.
Insights
Tech Buying Budgets for SMBs on the Rise
SMBs across the APAC are not just increasing their technology investments—they are making strategic, forward-thinking moves to position themselves for long-term growth.
Insights
SMB Strategic Objectives
Small to medium-sized businesses in the APAC region are gearing up tech investments to drive outcomes for customer experience, revenue, business adaptability and innovation. How will SMBs leverage emerging technologies to achieve their strategic objectives?
Insights
Future of Operations 2025
What are the most critical business objectives and solution adoption priorities for SMBs in our region? Download the latest Forrester study to find out!
Case Studies
Crayon Security Assessment service delivers growth for AfterDark
Working with Crayon, AfterDark scaled its ability to build longer-term cybersecurity engagements with customers.
Vendor Announcements
EA to CSP Transition Made Easy
Microsoft changes to its licensing programs means some customers will not be able to renew EAs. Find out how to transition them to CSP in hours, with no disruption or upfront cost, only with Crayon.
Blogs
Finding Success in Saturated Markets
Blogs
What to consider when building a Security Practice
