ASD issues urgent cyber self-hygiene check to small businesses


ASD director-general Rachel Noble. (AAP Image/Bianca De Marchi)

The Australian Signals Directorate has issued an urgent cyber self-hygiene check to local small businesses on the back of recent attacks on major corporates, so that they can take stock of their ability to respond effectively to a spate of local incidents, including the Optus and Medibank incidents.

Dubbed ‘Exercise in a Box’ (EiaB), the attack prepping “allows you to test and practice your response to a cyber incident in a safe environment”.

The games for SMEs are lifted from the UK, where scams have eclipsed card fraud as the primary means of exfiltration of cash, with Australia slated to follow the UK’s example of authorised push payments that have opened a huge new fraud vector.

In the Australian context, it means the government is trying to get in early before massive losses like those seen in the UK wash up here. In the UK, the equivalent of the Consumer Data Right was meant to create self-empowered consumer mobility.

Instead, it’s empowered an opportunistic free-for-all for payments crooks who are mining a sector previously deemed uneconomical.

“This specially designed tool has proven very successful in the UK. It has been customised to help small-to-medium businesses in the Australian threat environment,” said Stephanie Crowe, first assistant director-general, Cyber Security Resilience at the Australian Cyber Security Centre.

“Last year the ACSC received over 76,000 cybercrime reports, an increase of almost 13% from the previous financial year. Ransomware remains the most destructive cybercrime threat in Australia due to its significant financial and reputational costs.”

So what’s in the package for business?

“Exercise in a Box works by taking a small group of your key staff through a series of structured questions relating to an area of cybersecurity,” Crowe said.

“By completing the exercises, you will understand the risks your organisation is currently exposed to, and what you can do about it. Each exercise concludes with a report that offers practical guidance on improving the cybersecurity of your organisation.”

It’s from the card-carrying spooks. It’s free. And it preps for an audit. The appeal to small businesses previously reliant on consultants or themselves is not hard to understand.

This article was first published by The Mandarin.
