An increasing number of Australian small and medium businesses are becoming victims of cyber crimes, as the volume and sophistication of internet security threats grow and business IT budgets dwindle, a report has found.
The survey by internet security company Symantec found that 56% of Australian SME respondents have been affected by a cyber threat in the last year, up from 46% in 2008.
Symantec say the rise is due to the continued growth and complexity of cybercrime attacks, combined with a decline in IT budgets and reductions in the number of businesses that have policies to guide staff on safe internet security practices.
The biggest worry for businesses was malicious software created by cybercriminals, with 52% saying malware was the most likely security threat to their business.
The survey also found 31% of people saw social networks as a likely security risk and many see mobile devices as a threat to business.
Spam is also a significant problem – 22% of all emails received by people are spam and 23% of respondents have been impacted by a phishing scam.
Assuming each employee receives 20 spam emails each business day and works 225 days a year, respondents collectively delete nearly 250,000 spam emails a year, the survey found.
Declines in revenue due to the global financial crisis may have led businesses to make security and data protection less of a priority, with the average business spending $10,000 less a year on IT security.
“The survey findings suggest that SMEs have relaxed their defenses at a time when cybercriminal activity has become more prevalent,” Symantec’s director of SMB, Pacific region, Steve Martin, says.
Dr Mark Gregory, senior lecturer in internet security at RMIT University, agrees.
“I think companies are spending less on their IT and companies aren’t focused on ensuring that they’re utilising the services of experts and professional IT people in looking at their security,” he says.
Gregory says there isn’t one biggest threat to SMEs, but rather a range of effects that compromised internet security can have on their businesses.
“Some threats to businesses include loss of intellectual property, loss of information that companies consider important and the potential loss of reputation or indirectly the loss of funds due to loss of customers,” he says.
“Also there can be loss of time and money directly,” he argues. “The cost associated with repairing problems is often significant, far more significant than preventing it in the first place.”
Only 6% of the businesses surveyed that do have internet security software are keeping the software up to date, and both Gregory and Symantec agree that businesses need to invest in internet security solutions and upgrade to prevent these threats.
“They should invest in building a relationship with a company that’s able to provide them with accurate and adequate security advice,” says Gregory. “They need to invest in the correct facilities, hardware and software to protect their organisation.”
“Education is equally important,” he says. “They need to invest in education of their staff about what is safe to do and what isn’t.”
Symantec identified more than 240 million distinct new malicious programs globally in 2009, double the number found in 2008.