No where is it more noticeable than in small and medium business and not for profit organisation that cyber security is a major concern and problem across the board. The report from the Australian attorney general and his office does not help.
Typical of the labor party, that the problems are always someone else’s. In fact this never solves the problem but assigning the blame to someone else allows them to have a clear conscience. Assigning the blame never ” helped” anyone.
Small and medium business need leadership in the cyber security arena. They need help in getting information, implementing plans and policy, training and an understanding of what they need to do. SME’s have enough to do, they do not need the added pressure of being condemned because they didn’t install the right firewall.
The public servants and large corporations have the money to spend and the expertise to use in this area. SME’s do not. In a lot of cases SME’s are cash poor and resource poor, and they have little understanding in what is needed to create a secure business environment. I can guarantee that these same public servants and the staff of large organisations do not understand what is in place that protects them from a cyber security attack.
There are two points that I would like to make concerning the comments from the attorney generals department report.
In the last 5 years there is not a make or model of a router, router modem or ADSL modem that has been sold that does not have a firewall of some sort. In the case of the cheap ones, the firewall cannot be turned off. So the question concerning this is moot. The fact that small and medium businesses do not have a substantial firewall is the problem.
The second comment concerning SPAM is also misleading. Any business email system, whether it is in house, cloud based or an ISP account has a SPAM system in place. I cannot see Google apps, office 365 or an ISP based mail system not doing everything for its clients to stop spam. The amount of SPAM that is filtered at this level is around 99% so that last 1% is email that the user has to make a decision about.
On a last point, the antivirus requirement for a business are now well known and almost everyone has some level of anti Virus in place. It is no longer a choice of an anti virus product but more a choice of what you get when you install it.
So there it is I have had my rant, but i still stand by the fact that for all the gnashing of teeth that governments do it is about time you started helping the SME’s at the cyber security level. One of the largest problems is the education of SME’s with the problems associated with cyber security. The practical education with all users of the Internet should be important for every one.
I have a few ideas about how to do that but none of it requires the involvement of government legislation. Maybe it’s about time that the government people, both politicians and the public servants, get out of their ivory towers and understand what is happening in the real world.
In the real world we are at war, the cyber criminals are trying to steal and destroy everything that we hold dear, and we are trying to stop them. We need a change of focus because what we are doing at the moment is not working.