Why SMEs and NFPs are vulnerable to cyber attacks – and what they can do about it

ITConnexion is set to provide fully funded cyber security awareness training for Australian SMEs and NFPs to help mitigate the risks.

The significant shift from working within secure office networks to people working from home and collaborating remotely has seen the risk of cyber security incidents increase alarmingly.  

Attacks such as scams, ID / data theft, and crypto (encryption) attacks become more frequent as malicious players exploit this new vulnerability that has a high chance of success.

End users are the biggest and most vulnerable target in most organisations and are continuously bombarded with spear-phishing and socially engineered schemes. The most universally proven means to combat this risk is user education so, to protect organisations, we need to educate the end users and increase their cyber security awareness level.

ITConnexion has been awarded grant funding under the Cyber Security Business Connect and Protect Program to provide Australian small and medium enterprises (SMEs) and not for profits (NFPs) with a cyber security awareness training program to help mitigate these risks.  

Program details

The program objectives are to help these organisations:

• raise cyber security awareness of their employees and company 
• foster action to further address and mitigate cyber security risks.

The funding will provide fully funded (free) cyber security awareness training for between 150 to 200 eligible organisations, which consists of:

• access to cyber security awareness training modules online for the organisations’ employees;
• white-hat phishing campaigns which will simulate realistic and challenging phishing attacks customised to the organisation industry/sector and localised to their area to increase the relevance; and
• consultation to discuss the training result and other ways to improve the organisations’ cyber security level maturity level and mitigation strategies.

Program schedule

The program is scheduled to run from April 2021 to December 2021.

Why SMEs and NFPs are vulnerable to cyber attacks

2020 marked a turning point for cyber security in Australia, in more ways than one. 

Cyber-attacks on Australian organisations are becoming increasingly common, and at both the government and business level, cyber security is becoming increasingly critical.

Cyber security in Australia

For the duration of 2021, ITConnexion’s cyber security awareness training is being offered fully funded for eligible SMEs and NFPs in Australia. This grant funding comes from the Cyber Security Business Connect and Protect Program from the Australian government, reflecting the government’s new focus on cyber security.

The Australian government rapidly pivoted to prioritise cyber security, following a wide-scale and sophisticated cyber-attack in June 2020. This was a coordinated attack on a range of Australian institutions, both public and private, including sectors such as education, health, and critical infrastructure.

Though cyber-attacks on Australian organisations have been increasing in both frequency and impact over time, this attack marked the turning point for what cyber security means for Australian businesses.

The impact of the pandemic

The June cyber-attack wasn’t the only event that changed the Australian cyber security landscape in 2020. The COVID-19 pandemic itself had a major impact, by changing working environments forever with more employees working from home.

With more and more remote collaboration, organisations are struggling to keep up with the new demands this places on cyber security. Home networks usually have far less robust cyber security, and with offices emptying out, this leaves organisations vulnerable. Organisations with smaller IT capacity, such as SMEs and NFPs, are at greater risk than enterprises and corporates.

In response, highly organised criminal hackers have adapted to exploit these vulnerabilities. This has driven the rapid rise of cyber-attacks seen since the beginning of the pandemic.

How SMEs and NFPs respond

Across all industries and sectors in Australia, organisations need to be aware of how their risk of cyber-attack has been and is increasing, and what steps they need to take to mitigate this risk.

Smaller organisations such as SMEs and NFPs are often less rigorous in their cyber security approach, under the assumption that they are smaller and therefore less important targets. However, as they usually have less sophisticated cyber security systems, this makes them more likely to be targeted by cyber criminals.

Though the Australian government is putting their money where their mouth is, with their funding of cyber security awareness training, cyber security is ultimately the responsibility of the organisation. 

Australian businesses have the responsibility to keep up to date with the rapidly changing landscape of cyber security. This includes investing in their IT technology and resources, as well as training their employees, who are often the first and final line of defence against cyber-attacks. With cyber-attacks on Australian organisations becoming more and more common, it is ultimately the business’s responsibility to keep their cyber security up to date. 

For more information about the program, please email us at CSATProgram2021@itconnexion.com.

For more information about ITConnexion in general, please visit our website www.itconnexion.com or email us at contactus@itconnexion.com.

This project is funded by the Australian government Department of Industry, Science, Energy and Resources through the Cyber Security Business Connect and Protect Program.