How is the government helping small and medium enterprises (SMEs) with their cyber security?
Earlier this week we reported that the Australian government has detailed its $1.67 billion cyber security plan, centered on protecting critical infrastructure, but also helping small and medium-sized organisations become more resilient online. Atop the list of priorities for the cyber policy are new investments in defending critical infrastructure, stronger defences for government networks, as well as a number of initiatives to raise cyber security awareness and encouraging people to join the cyber security workforce.
Interestingly, the strategy also includes a number of key areas of focus for small and medium-sized enterprises, to both educate them and increase their cyber resilience. Today, we’ll be exploring exactly what that means. All up, there’s $63.4 million worth of support for SMEs, so where is that money set to be allocated?
It’s important to first note that the government has, and will continue to place more emphasis on collaborating with organisations that have an information security policy in place. In its strategy, the Department of Home Affairs has said that “the Australian Government will work with industry to consider and clarify the cyber security obligations of industry in the future, including through regulatory reforms,” meaning that organisations will be on the receiving end of a new-found focus on cyber security within their networks.
None other than Microsoft issued a public submission to the Cyber Security Strategy 2020, stating that “today, cyberattacks from increasingly sophisticated actors threaten organisations across every sector, and whether a large ASX 100 company or a local bakery, organisations of all sizes need to take steps to limit the dangers posed by these threats.”
The potential domino effect of one organisation being compromised means that widescale damage can be inflicted on the economy with a single breach. The government recognises this risk, and with its latest policy, it’s attempting to mitigate the threats.
For more information on ISO 27001 – Information Security Management Systems – or for your Free ISO 27001 Gap Analysis Checklist, Click here.
Moving specifically to the policy’s emphasis on small and medium-sized enterprises, the strategy reads that “government and large businesses will assist small and medium enterprises (SMEs) to grow and increase their cyber security awareness and capability.”
“Integrating cyber security products into other service offerings will help protect SMEs at scale and recognises that many businesses cannot employ dedicated cyber security staff,” it says.
According to the strategy, the Australian Government will prioritise support for SMEs through a number of key initiatives:
- A $12.3 million expansion to the ACSC’s 24/7 cyber security hotline will enhance the provision of cyber security advice and technical assistance.
- The $8.3 million Cyber Security Connect and Protect Program will equip trusted organisations to raise the cyber security of SMEs in their local area.
- The placement of outreach officers in Joint Cyber Security Centres will support SMEs.
- Supporting the roll-out of threat-blocking technology will prevent known malicious cyber threats from reaching Australian consumers and businesses.
- The ACSC Small Business Cyber Security Guide provides tailored advice to protect against the most common cyber security incidents.
- ACSC-produced Step-by-Step and Quick Wins Guides provide practical instructions with visual aids outlining actions SMEs can take to protect themselves.
- The ACSC Stay Smart Online Program promotes best practice cyber security advice and encourages businesses to protect themselves online.
- Toolkits published on cyber.gov.au will help SMEs raise cyber security awareness among their staff members.
- A dedicated online cyber security training program hosted on cyber.gov.au will help upskill SMEs and their staff members.
- Law enforcement will have strengthened capabilities to identify and disrupt cyber criminals targeting Australian businesses.
Those initiatives total $63.4 million, including $26 million for the expansion of the ACSC’s support for small and medium enterprises, $10 million to boost its eSafety investigation and support team, $8.3 million for the Connect and Protect Program, $8.2 million for its industry outreach program, $4.9 million for its cyber security awareness initiative, and $6.1 million for supporting the victims of cyber crime.