Create a free account, or log in

ASD issues urgent cyber self-hygiene check to small businesses

The Australian Signals Directorate wants SMEs to take stock of their ability to respond effectively to cyberattacks.
Julian Bajkowski
Julian Bajkowski
asd
ASD director-general Rachel Noble. (AAP Image/Bianca De Marchi)

The Australian Signals Directorate has issued an urgent cyber self-hygiene check to local small businesses on the back of recent attacks on major corporates to take stock of their ability to respond effectively to a spate of local incidents, including the Optus and Medibank incidents.

Dubbed ‘Exercise in a Box’ (EiaB), the attack prepping “allows you to test and practice your response to a cyber incident in a safe environment”.

The games for SMEs are lifted from the UK, where scams have eclipsed card fraud as the primary means of exfiltration of cash, with Australia slated to follow the UK’s example of authorised push payments that have opened a huge new fraud vector.

In the Australian context, it means the government is trying to get in early before massive losses like those seen in the UK wash up here. In the UK, the equivalent of the Consumer Data Right was meant to create self-empowered consumer mobility.

Instead, it’s empowered an opportunistic free-for-all for payments crooks who are mining a sector previously deemed uneconomical.

“This specially designed tool has proven very successful in the UK. It has been customised to help small-to-medium businesses in the Australian threat environment,” said Stephanie Crowe, first assistant director-general, Cyber Security Resilience at the Australian Cyber Security Centre.

“Last year the ACSC received over 76,000 cybercrime reports, an increase of almost 13% from the previous financial year. Ransomware remains the most destructive cybercrime threat in Australia due to its significant financial and reputational costs.”

So what’s in the package for business?

“Exercise in a Box works by taking a small group of your key staff through a series of structured questions relating to an area of cybersecurity,” Crowe said.

“By completing the exercises, you will understand the risks your organisation is currently exposed to, and what you can do about it. Each exercise concludes with a report that offers practical guidance on improving the cybersecurity of your organisation.”

It’s from the card-carrying spooks. It’s free. And it preps for an audit. The appeal to small businesses previously reliant on consultants or themselves is not hard to understand.

This article was first published by The Mandarin.