The current threat landscape for SMBs


There is no doubt that cyberattacks are on the rise in the Australian Small to Medium Business (SMB) ecosystem. According to a 2017 survey by Webroot, 96% of SMBs in Australia believe their business will be susceptible to external cyber security threats this year. Even though they are aware of these threats, 71% of respondents admit they are not prepared to address them.

So why are businesses failing to invest the time and budget into protecting themselves against cyberattacks?


The Current SMB Landscape – Digital Transformation

More than two million SMBs employ over two-thirds of the total Australian workforce. So it’s safe to say SMBs are the backbone of the economy and play a defining role in shaping Australia’s identity. But when it comes to cyber security, Australian SMBs have been forgotten about. Prior to the launch of Red Piranha ‘Crystal Eye’, there was no SMB-specific security solution in the Australian market. SMBs often struggle to afford complex cyber security solutions, typically designed for large organisations that are catered towards their threat landscape. They also lack the skills, expertise, resources, and understanding to defend themselves. This was the rationale behind creating Australia’s first Unified Threat Management platform aimed at SMBs, Crystal Eye.

Australian SMBs need to understand that their businesses represent a lucrative opportunity for cyber criminals.  While they may not have resources or data at the scale of enterprise-level organisations, SMBs do have valuable business data, such as customer information that could be used in identity theft crimes, and can often provide unprotected access to larger companies.

Over the last decade, we have seen global business operations become increasingly reliant on data. Businesses are in the process of digital transformation, migrating their organisational processes to digital platforms. SMBs are also investing in digital tools, such as the cloud, CRM and electronic communications.

While these platforms alleviate the challenges associated with business processes, digital applications also create opportunities for cyber criminals to attack Australian SMBs.

Malware targeting Australian SMBs

We’re seeing a rise in encrypted, file-less malware attacks targeting Australian SMBs. As organisations are increasing encryption on network traffic to protect data from potential attacks, online cyber criminals are also stepping up their attacks to hide their malicious activities. Malware families are increasingly using methods, such as Secure Sockets Layer/Transport Layer Security, to encrypt the communications between the compromised end-point and the command-and-control systems to hide instructions, payloads, and other pieces of information being sent.

When the bulk of an organisation’s network traffic is encrypted, it makes sense from the criminal’s perspective to also encrypt their activities, since it would be harder for IT administrators to be able to tell the difference between safe and malicious traffic.

Affordable Protection from Cyber-Attack

Although malware attacks are the most popular type of attacks at the moment, SMBs need to be conscious of how all types of attacks will impact their business. Cyber threats such as phishing, ransomware, botnets, DDoS, Trojans, malware and spyware account for a considerable amount of financial loss for SMBs. According to the Australian Government, the average cost of a cyber-attack to an Australian business is $276,323 per year. With the IT ecosystem increasing in complexity, SMBs struggle to afford expensive products typically designed for large organisations and lack the resources to implement these.

Here are a few ways you can improve your cyber security posture and protect your business from complex attacks:

Investing in cyber security awareness
While you may think you’re up-to-date with the current trends in cyberattacks, cyber criminals are already two steps ahead, devising sophisticated methods to attack your business. An important strategy for any organisation, especially for SMBs, is to train your staff members with cyber security awareness training. How your staff operate within your organisation is crucial to defend against phishing, Trojan and malware attacks.

Vulnerability and penetration testing
An easy way to understand your current cyber security posture is to test the vulnerability of your organisation. This type of test will give you a glimpse into your current level of cyber security defense and provide you with an overview of how cyber criminals could potentially exploit your business.

A holistic defense with an in-depth strategy
Employing a unified threat management approach provides a single platform and clear visibility on the current threats impacting your business at any given time. But there’s no silver bullet when it comes to cyber security. Therefore, it’s crucial for your organisation to install multiple controls, in a cost effective way, to give your organisation a layered and holistic defense strategy.


Adam Bennett, Founder & CEO, Red Piranha.