The Australian Signals Directorate’s (ASD) Cyber Threat Report 2023–24 offers a comprehensive look at the evolving cybersecurity landscape. With a strategic environment described as the “most complex since World War II”, the report highlights the increasing sophistication of cyber threats targeting Australian businesses, government organisations, and critical infrastructure. These insights are particularly relevant for SMBs, which form the backbone of the Australian economy but often face unique cybersecurity challenges.
The Threat Landscape for SMBs
The report highlights a sharp rise in cyber incidents, with over 87,400 cybercrime reports in the last financial year. SMBs continue to be targeted, particularly with threats like business email compromise (BEC), which accounted for 20% of reported incidents, and ransomware attacks. The average self-reported financial impact on small businesses rose to $49,600 per incident, an 8% increase compared to the previous year. For many small businesses, the near $50K cost of an incident could spell disaster and even result in the business needing to close for good.
Cybercriminals are also leveraging artificial intelligence to execute more targeted attacks. AI tools enable the automation of phishing campaigns and social engineering tactics, significantly increasing the effectiveness of cyberattacks while requiring fewer resources from attackers.
The Growing Risk to Critical Infrastructure
Critical infrastructure, a key focus of the report, saw 11% of total cyber incidents in FY2023–24. SMBs connected to or supporting critical infrastructure face heightened risks, with malicious actors seeking to exploit supply chain vulnerabilities. The most common attack vectors included phishing (23%) and the exploitation of public-facing applications (21%).
Why SMBs Need Robust Cybersecurity
The report serves as an important reminder that cybersecurity is not “set and forget”. For SMBs, adopting best practices like multi-factor authentication (MFA), endpoint detection, and routine backups are essential. Regular staff training and the implementation of frameworks like the ASD’s Essential Eight can significantly bolster resilience. SMBs should be aligned to cybersecurity frameworks wherever possible and work internally to reduce their risk.
The Role of Managed Service Providers
While the ASD emphasises national collaboration to improve resilience, the report also highlights the importance of businesses partnering with experts. Managed Service Providers (MSPs) play a pivotal role in helping SMBs navigate the complexities of cybersecurity. By providing proactive monitoring, tailored incident response plans, and access to cutting-edge technologies, MSPs are essential allies in the fight against cyber threats.
A Proactive Approach to Security
For SMBs, cybersecurity isn’t just a technical requirement—it’s a business imperative. The insights from the ASD report continue to highlight a long term saying in the cybersecurity space – “when, not if” – and SMBs need to focus on adopting this mindset regarding cyber incidents. By taking proactive steps and leveraging trusted partnerships, SMBs can protect their operations, safeguard their data, and contribute to a more resilient Australian economy.
This report reiterates that while the threats are growing, the solutions are within reach.
You can view, read and download the Full Report from the ASD here.