4Micro Managed IT Services

Explore my side projects and work using this link

Upsidedown is a WordPress theme design that brings blog posts rising above inverted header and footer components.

Cyber-attacks rising, but cybersecurity spending down

Written in

by

dale

Cyber-attacks are up, but spending on cybersecurity is down in the small business sector. That can’t be good right?

It’s a choice between acquiring new customers and staying in business, versus investing in cybersecurity, and the results are in.

Revenue generating activities are winning, despite the security risks. According to research from Mastercard (November 2023).

Rising business operating costs are forcing unpalatable decisions. Cybersecurity is not just deprioritised – it’s the lowest priority for many smaller businesses.

Cost is the main reason cited to avoid addressing cybersecurity.

My attention is on the other primary reason to not invest in security – lack of knowledge about threats, and lack of knowledge about options to prevent incidents.

This is something we CAN do – raise security awareness. About how doable cybersecurity initiatives actually are.

Seriously. An example. The Australian Signals Directorate (ASD) has small business checklists and guides for small business. Action items that are laid out in easy to understand language. Organised from starter basic security advice, and illuminates a path through increasing security maturity levels.

The ASD “start here” basic cybersecurity checklist (the “basic steps to protect your business”) will make a genuinely outsized difference between avoiding a security incident, or becoming a victim of one.

They’ve got a 3 step basic security preamble that turns up a lot in the introduction of their advice to small business:

👉 Turn on multi-factor authentication
👉 Update your software
👉 Back up your information

These 3 points are important. And The ASD articulate in such a way to not sound overwhelming — to be achievable.

The tragedy then unfolds when small businesses leaders make assumptions about the sheer effort and expense of cybersecurity. Lack of knowledge about threats and how to stop them

These starter basic steps are incredibly important, and dramatically reduce vulnerability to cyber-attack.

I might be sounding a little pragmatic about “something being better than nothing”.

But there is a big jump from doing nothing about cybersecurity to reaping the rewards of at least getting the security fundamentals right. As a phase one.

And I think that’s exactly what the ASD advice is for small business.

A meaningful start on cybersecurity is doable, the alternative is not an option.

Tags

, , ,