Cyber threats increase against Aussie SMBs
The latest survey by Symantec on the security trends and behaviours of small and medium businesses (SMBs) in Australia revealed that 56% of Australian SMB respondents have been affected by a cyber threat, up from 46% in the 2008 survey.
This increase can be attributed to the continued growth in both the volume and sophistication of cybercrime attacks, combined with a decline in IT budgets and a reduction in the number of SMB respondents that have policies to guide staff on safe internet security practices. The survey also found that SMB respondents believe cybercriminals are the most dominant security threat. Nationally, 52% of respondents rated malware created by cybercriminals as the most likely security threat to their business.
New Zealand figures generally follow the Australian trend.
The survey also revealed that 22% of all emails received by respondents were spam and some 23% of SMB respondents have been impacted by a phishing scam. The average headcount for the 510 surveyed firms was 55. Assuming each employee receives 20 spam emails each business day and works 225 days a year, respondents collectively have to find time to delete nearly 250,000 spam emails a year.
The survey revealed a slight decrease in IT expenditures among the SMBs surveyed. Average spending in 2009 declined slightly to $AU130,000, compared to approximately $140,000 in 2007, with cost emerging as the dominant concern preventing companies from upgrading their security and data protection tools and practices. Another notable change was that 73% of SMB respondents have a policy to guide staff on internet security practices compared to 83% in 2008.
“We hypothesise that slight revenue declines caused by the global financial crisis may have forced SMBs in Australia to do more with less and as a result they may have made security and data protection less of a priority. The survey findings suggest that SMBs have relaxed their defences at a time when cybercriminal activity has become more prevalent,” said Steve Martin, director, SMB, Pacific region, Symantec.
While 87% of businesses surveyed have an internet security solution installed, only half of the respondents have a comprehensive protection suite that includes an integrated anti-virus software, spam filtering and firewall solution. Most respondents have one or more of these solutions. Only a small percentage (six percent) of respondents are not keeping their security software subscriptions up to date.
The survey did show some signs of improvement. Most Australian businesses surveyed have recognised the importance of security and data protection to their business by automating these two tasks. Nearly two-thirds of respondents use security software that automatically updates itself to protect against new threats, while almost a third have adopted backup practices that see new data backed up as soon as it is created.
Notable trends highlighted in this year’s survey include:
- 31% of SMB respondents rate social networks as a likely security threat. Whilst the number of businesses who saw social networking as a security threat remained flat at 31%, the percentage of those that weren’t sure doubled to 12%. This suggests that businesses are thinking more about this medium but still don’t fully understand the implications. In addition, the perception of threats posed by mobile devices is steady.
- Catastrophic failures – not user error – were the source of data loss for SMB respondents. Fifteen percent of businesses have lost data in the last 12 months that they could not recover and five percent did not know if they had lost data at all. Primary reasons for the loss were hardware failure or systems corruption at 58%; lost or stolen devices at 12%; virus infection at 11%; physical break-ins and natural disasters at seven percent each.
- A majority of SMB respondents will use Windows 7 by the end of 2010. Just 12% of respondents reported using Windows Vista as their main desktop operating system, while 57% continue to use Windows XP and 18% are already using Windows 7. 45% of respondents plan a move to Windows 7 during 2010.