Australian Government to Fund the Ethical Hacking of Small Businesses

August 2, 2017


Under a new cyber security initiative, Australian small businesses employing fewer than 20 people are to have penetration testing conducted by ethical hackers, funded by the Australian government.

The ethical hacking of small businesses is based on Australia’s cyber security strategy. This strategy aims to ensure that the government and private sector share more information on cyber threats. Australian universities have also been charged with training more cyber security professionals.

The Australian government has been proactive in data security and has passed the Privacy Amendment Bill 2016 into law. This law requires organisations to report data breaches and lost data to the Privacy Commissioner and to affected customers. To ensure that businesses adhere to the privacy amendment law, the Australian government can impose fines of up to $360,000 for individuals and $1.8 million for organisations.

The Cyber Security Small Business Program is a component of the Cyber Security Strategy that has been mandated to improve cyber security for Australia's small businesses. The Registered Ethical Security Testers Australia New Zealand (CREST ANZ) received a grant from the Cyber Security Small Business Program to increase its pool of approved service providers and so meet the demand from businesses seeking its services.

What is Ethical Hacking/Ethical Security Testing?

‘Ethical hacking’, also called ethical security testing or penetration testing, is hacking performed by a company or individual with authorisation, in order to identify potential threats to a computer or network. Ethical hackers attempt to bypass system security and thereby identify weak points that could be exploited in a malicious attack. Organisations then use the findings to implement measures that improve system security and reduce or eliminate the opportunity for such attacks.

For hacking to be deemed ethical, the hacker must:

  • Obtain permission to examine the network in an attempt to identify potential risks
  • Maintain the company's privacy
  • Not use findings to exploit the company's vulnerabilities
  • Report any security weaknesses to the organisation

Why is Penetration Testing Necessary for Small Businesses?

  • Tests security measures
  • Finds vulnerable areas
  • Helps to understand hacker techniques
  • Prepares you for a hacker attack

What is the Extent of Cyber Security Risk in Small Businesses?

Cyber-attacks and breaches in large corporations are public knowledge. Attacks on small businesses, however, rarely reach the public, even though small businesses are just as much a target. Small businesses hold more digital assets than individuals but have weaker security than large enterprises, which makes them vulnerable.

A proliferation of recent cyber-attacks has caused extensive damage to governments, companies, and individuals. The recent WannaCry attack is a clear example: the ransomware infected roughly 300,000 computers in more than 150 countries. Cyber threats not only compromise sensitive company and customer data but also impose huge costs and damage the reputation of the companies affected.

How Does Data Become Compromised?

  • Poor password practices
  • Insider malice
  • Weak access policies
  • Unsafe downloads
  • Phishing and social engineering
  • Unprotected data and emails

What Are Your Information Security Options?

  • Antivirus software: Defends against most types of malware.
  • Firewalls: Prevent unauthorised access.
  • Data backup: Helps recover lost information in case of a breach or cyber attack.
  • Encryption: Protects sensitive information such as financial, employee and customer data.
  • Password security software: Reduces the likelihood of password cracking.
  • Cyber security insurance: Helps recoup losses associated with data loss.

Why is ISO 27001 Certification Important for Small Businesses?

ISO 27001 is the internationally recognised standard for information security management systems. Certification to this standard proves to stakeholders and clients that you are properly managing the security of your information systems.

Cyber security is critical today because of the magnitude of cyber threats that companies face every day. You can use ethical hacking to find vulnerabilities in your IT systems and implement the necessary controls to secure them, protecting your business from considerable financial losses and a damaged reputation in the event of a data breach.
