Did The Cybersecurity World Forget Small To Medium Businesses?

Officials at the Australian Small Business and Family Enterprise (ASBFE) recently released a small business statistical report detailing the pattern and health of Australia’s small-to-medium enterprise (SME) sector—and it’s not good news. The report provides comprehensive data and charts discussing SMEs drive for innovation, commercialization of research, effects on national productivity, research and development, and value of relevant exports.

Australia basically follows the belief that the majority of businesses today are medium, small, or micro firms. In fact, 99.8% of all Australia’s business ventures are now SMEs, which means they cover all types of commerce and are very influential with the country’s GDP. However, nowhere does the report mention the need for SMEs to find a better cyber defense infrastructure, although most experts believe this to be true. According to some officials, the ASBFE report does have a “Barriers to business innovation” section; however, it only discussed the SMEs focus of funding for research and development, not defensive measures.

SMEs have a small number of workers carrying out all of its important business functions. By definition, medium size businesses have a maximum of 199 employees, while small businesses typically contain a maximum of 19 professionals. As a result, their revenue stream greatly depends on the performance of their staff, and because their dependence on technology is very high, reducing their operating cost is always a concern.

This heavy reliance on technology for day-to-day operations of SMEs makes them a prime target of cyber attacks and corporate espionage. With a small budget set aside to acquire computing assets such as desktop computers, laptops, physical network devices, accessories, and internet connectivity, their “hardening” funds are razor thin.

Most of their computing support is outsourced to a third-party vendor, as hiring a team of IT experts to serve as an internal technical support is pricey. Acquiring a corporate volume license for critical day-to-day software like Windows and Microsoft Office already takes a lot of funding, so many SMEs rely on free antimalware products to perform jobs typically done by higher-quality commercial products in bigger enterprises.

When hiring new staff, the cost of proper training is also a concern for SMEs with limited cash flow. However, budgets must be established for such training, as an untrained employee presents a major vulnerability in the corporate world. By default, Australian SMEs have an unacceptable level of negligence when it comes to cyber defense. Costs associated with commercial cybersecurity software and hardware are prohibitive, and SMEs are forced to cut corners in cybersecurity defense just to keep their doors open.

The cybersecurity industry, which is composed of vendors for antivirus and anti-spam, firewalls, and networking hardware, has not been particularly helpful to SMEs looking to secure their perimeter at a reasonable price. As a result, it is only a matter of time until an influential Australian SME company becomes the next casualty of a big security breach, massive virus infection, or ransomware.

It is time for the cybersecurity industry to become more of a positive influence in the world of computing, and not just a for-profit business. It is their responsibility to offer SMEs an acceptable entry-level SKU for their products and services that will cater to their size and budgetary limitations.