The number of cyberattacks targeting SMEs has increased in the past year, according to a new international survey, which reveals Australia is increasingly becoming a target for these types of attacks.
The findings gel with advice from a variety of cybersecurity sources, which also say small businesses aren’t doing enough to protect themselves from attack. In the past few years, several Australian SMEs have been targeted.
The latest Symantec Internet Security Threat Report has found the proportion of attacks specifically targeting SMEs increased from 18% in 2011 to 31% in 2012.
Manufacturing as is at the top of the list of most targeted industries, which Symantec attributes to more attacks targeting the supply chain.
“Cybercriminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.”
“Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company.”
The report also found there was a 42% increase in “targeted” attacks, meaning attacks which specifically focus on a company or website in order to extract specific information.
Peter Sparkes, director of managed security services and Symantec Asia-Pacific, told SmartCompany yesterday the trend has very much shifted towards cybercriminals attacking small businesses as their security systems are much less sophisticated.
“A lot of the larger companies have increased their security posture. The technology now allows cybercriminals to target businesses at this level,” he said.
Sparkes also says businesses may not necessarily be targeted for their own information, but for details on business partners. If a large company has a sophisticated security network, cybercriminals may attempt to extract login or financial information from a smaller partner.
The survey revealed Australia is now ranked as the 21st most targeted nation for cyber criminals, up three places from 2011. Local businesses are increasingly becoming targeted by spam, malicious codes and phishing hosts, the report said.
“The sophistication of attacks coupled with today’s IT complexities, such as information explosion, virtualisation, mobility, cloud and the consumerisation of IT, means Australian businesses are more exposed across the board.”
The survey showed increasing trends such as mobile malware, which increased by 58%, with 32% of all mobile threats attempting to steal information.
It also revealed reason for caution – 61% of malicious websites were legitimate sites that had been infected with malicious code. Business, tech and shopping websites were among the top five websites hosting infections.
Sparkes says businesses need to work on protecting their data. He says businesses need to identify the people in your company who handle the most sensitive data, and work on securing that as a priority.
“You need to understand there is a risk, and understand the value of the IPO you hold.”
“You need to ensure your business partners and clients aren’t exposed by you having relaxed security controls.”