Australian small businesses are “under attack” from cyber criminals, as increasing numbers of small businesses are having data stolen from both external threats and disgruntled employees, a new survey has revealed.
The survey released this week by security company McAfee found 45% of surveyed SMBs had been the target of an electronic attack in the past year – but that 46% had suffered a data or security breach as the result of disgruntled former or current employees.
Of those businesses, 24% had experienced this kind of attack three or more times.
Such findings are not uncommon. Several similar surveys from security firms have revealed SMEs are increasingly coming under attack, with cybercriminals opting to infiltrate smaller firms, which have less reliable security systems.
David Markus, SmartCompany tech blogger and Combo managing director, says SMBs are underinvesting in their IT systems, on the basis that “they get away with it most of the time”.
“This used to be okay, but today we’re living in the information age and every business has become dependent on their IT systems.”
“There’s now a significant motivation for people to hack whatever they can get into, it’s only a matter of time before everyone is attacked. It’s a numerical fact.”
McAfee Asia-Pacific SMB manager Robbie Upcroft told SmartCompany the statistics from the survey of 200 Australian businesses reflect a growing trend among SMBs.
“The sensational headline is SMBs are under attack, but this isn’t too far from the truth. If you think about the way cyber criminals are operating, they’re going to go where they can make an easy buck.
“Many SMBs don’t know or appreciate that the threat is real and that it could happen to them and, worryingly, many don’t have policies or procedure in place to combat this growing threat,” he says.
Upcroft says SMBs are an easy target for cyber criminals.
“If you’re a cyber criminal you can go after consumers with little data, you can go after the big corporations which you know will have protective measures in places, or you can target SMBs which have emerged as a lucrative area for the cyber criminals.
“They’re seen as potentially an easier target because of their lack of security, but they’re a goldmine because every SMB has information which is important and valuable to someone else.”
“For example, a small publishing company would have all the personal credit card data of customers,” he says.
The high numbers of employees past and present stealing from their employer is a problem generally unique to SMBs.
“We haven’t seen it as strongly in the larger organisations because they often have a greater handle on who has access to the data and where it’s flowing,” Upcroft says.
“For example, in many smaller businesses employees have the ability to dial in from home, but sometimes they don’t think about what happens when a person is fired and they don’t have procedures in place to have the remote access is switched off, so the former employee still has access to all the company information,” he says.
Markus says businesses need to think about the measures they can afford.
“These include things like external spam filters, not running webservers in house and putting basic firewalls in place and anti-virus software.”
“For many businesses, if their data is gone, the cost would be their business.”
The survey also found two thirds of respondents had experienced an electronic attack in the form of a virus, worm or Trojan in the last 12 months. Almost one in three had also been subject to Ransomware (an external threat where a cybercriminal blocks access to a business’s valuable data and charges it a fee to access the information).
Of the 30% of those surveyed coming into contact with Ransomware, 36.1% had paid money to the criminals to retrieve the data.
More than 58% of the respondents were not even aware Ransomware was a threat.
On top of the digital threats, many businesses have also lost data via the theft of a laptop, notebook, desktop PC or USB. Of those surveyed 47% of SMBs had had a laptop or PC stolen and 58% had a company USB or portable hard drive stolen.
Upcroft says SMBs need to invest in technology to avoid having “gaps in your armour”.
“You don’t have to spend much, but all small businesses need to think about ways they can protect their information.”
Upcroft says computers and USBs should all be password protected and within organisation people should only have access to information vital to their jobs. He says cyber attacks are going to continue to increase at a “fairly steep rate”.
“The sheer volume of data SMBs have online, the bring-your-own-device phenomenon and the amount of information they’re keeping in the cloud, makes it so attractive for the attacker to go after that market,” he says.
Not only can cyber attacks result in a loss of data, they can also be costly. In 2009, an entrepreneur was hit with $120,000 phone bill after hackers made 11,000 international calls from his internet-connected phone system.