A raft of recent surveys from Australia and abroad have identified small business as the surprising target of cyber hackers around the world as they are usually more vulnerable than larger businesses to attacks.
While the amount of money that can be stolen from a small business as a result of a cyber attack is far less than the amount that can be stolen from a larger business, the sheer number of small businesses mean that there are a large number of vulnerable targets, according to a 2018 report by computer giant Cisco.
Small businesses can also act as a doorway into the systems of larger business with which SMEs interact.
Closer to home, Telstra released a survey of IT professionals last week from more than 300 Australian companies and found 81 per cent had experienced a ransomware incident (where company information was stolen and held for ransom) and 51 per cent paid the ransom.
Ms O’Neill said cyber security was the key cause of anxiousness among many of NAB’s clients and the bank was looking for ways to reduce these concerns.
“We already provide some education and we provide that mostly online and it provides guidance for customers about how they might think about cybersecurity” she said.
“There is this opportunity for us to think about education or information in a segmented way more regularly.”
There is this opportunity for us to think about education or information in a segmented way more regularly.
Leigh O’Neill, NAB executive
Ms O’Neill recently visited Israel as part of a trade delegation with the Australian Israel Chamber of Commerce meeting with a range of cutting edge cyber security firms to find ways to protect their customers.
She pointed to the centralised cyber protection taskforce in Israel that includes a hotline for businesses to report cyber attacks. The taskforce then explores ways to resolve the hack and provides warnings to other businesses.
Ms O’Neill said a hotline for Australian business to respond if they feel that they might have been attacked was something that should be looked at locally.
“I think there is a role for other businesses in Australia as well as NAB to facilitate that,” she said.
But will NAB provide a white labelled cyber security program for its customers or even require its small businesses to carry a certain level of technology before being onboarded?
Ms O’Neill said the provision of technology would likely be a step too far.
“It’s one of the questions that we’re grappling with.
“Do we have a role in educating our customers? Absolutely. Because if we can provide them with insights and information that’s actionable about cyber security from a basis of knowledge that is a great thing.”
But she said there were legal and moral liability issues for the bank if something went wrong for customer using a NAB mandated technology. “We have to be a bit careful about where the liability sits.”
The reporter travelled to Israel as a guest of NAB and the Australian Israel Chamber of Commerce.
Sarah Danckert is a business reporter.