Cyberattacks are not limited to banks, government agencies, or large technology companies. The recent cyber incident involving a gelato brand is a timely reminder that attackers will target any organisation that holds valuable data, has connected systems, or relies on digital operations.

According to the Australian Computer Society (ASC), ransomware group DragonForce claimed it had stolen more than 350GB of data from them, including alleged employee information, payroll details, visa documents, senior staff contact details, and operational records. The business later confirmed it was investigating unauthorised access to part of its systems and had notified the Office of the Australian Information Commissioner (OAIC) and the Australian Cyber Security Center.

For SME businesses, the message is clear: cybercriminals are increasingly looking beyond traditional high-profile targets. Retailers, hospitality businesses, professional services firms, manufacturers, franchises and local operators can all be exposed because their defences and technology controls are often less mature. Rather than spending significant time, effort and money trying to breach one heavily protected organisation, attackers can target many smaller businesses at once, where the barriers to entry may be lower and the chances of success much higher. Stolen employee or customer data can lead to scams, impersonation, financial loss, reputational damage and operational disruption. While practical steps such as backups, multi-factor authentication, software updates and staff awareness are essential, they need to be checked regularly to ensure they are working as intended. That is why regular cyber reviews matter.

Cyber reviews help businesses identify weak points before attackers do, including poor password practices, outdated systems, risky access permissions, insecure email settings and gaps in backup or recovery plans.