Australian businesses are being targeted by cyber-attacks and they don't even know it, new report claims
Australian businesses are under attack. A new report from the Attorney-General's office has found major businesses are suffering attacks resulting in a loss of confidential or proprietary information, mostly due to software that isn't up to date or protected by firewalls.
The Cyber Crime and Security Survey report is yet another testament to the changing face of Australian business, with SMEs now expected to be up to speed with how to digitally protect their businesses.
AVG security advisor Michael McKinnon says businesses need to start realising it isn't just big businesses being targeted – small firms are in the firing line as well.
"If you don't have the right knowledge in terms of securing your network, nothing you do will fix that problem until you acquire an understanding of how to do that," he told SmartCompany.
The AG report found out of 250 respondents in the business community, 20% said they had experienced a cyber-attack in the past 12 months, with 20% of those experiencing more than 10 incidents.
This was despite over two-thirds of companies having staff with tertiary-level IT qualifications, and nearly two-thirds of businesses using IT security-related standards. Two-thirds of respondents also said they had incident management plans, and 90% used firewalls, anti-spam filters and anti-virus software.
Of the organisations which said they had experienced a cyber incident, 17% lost confidential or proprietary information, while 16% experienced a denial of service attack – 10% suffered financial fraud.
One-fifth of respondents didn't report the attack to authorities due to fear of negative publicity.
McKinnon says the results are worrying, especially due to the number of businesses which said they had experienced repeat attacks.
"You have to ask, what about the 80% which said they didn't know if they've experienced a cyber incident?"
"One of the things that is a concern here is how businesses use firewalls – but the report suggests one in 10 aren't. That is still a concern. Why is a firewall not a default that a company always has switched on?"
"I don't see how it's even technically feasible that anyone could run without a firewall, or at least some sort of anti-spam mechanism, given 90% of email messages are spam."
More small businesses are experiencing cyber-attacks, as hackers opt to target a range of smaller, more vulnerable organisations with the hope of stealing financial data. The attacks are forming what many analysts are calling the new main area of warfare, as both corporations and governments gear up to protect themselves – and attack others – in the digital realm.
McKinnon says the report is a wake-up call, especially as it notes over 50% of organisations have increased their spending on IT security in the past 12 months. Business owners, he says, need to start paying closer attention to attacks that may be happening without their knowledge.
"For system administrators, you need to look at log files and then find out what's actually on there on your network. If you're just going about doing your business and ignoring your network, it's quite possible you're experiencing cyber incidents you're not aware of."