The number of reported cyber security incidents globally has increased 48% to 42.8 million in 2013, according to The Global State of Information Security Survey released today by accounting firm PwC.
But PwC’s research found that as cyber security attacks have become more frequent and costly, budgets to manage and mitigate them have shrunk.
Globally, the estimated average financial loss from cyber incidents was $3.07 million, which is a 34% increase over 2013.
PwC’s report identifies “mid-tier” and small businesses as the “weak link” because they have less sophisticated controls in place, or because they make less effort than larger businesses to monitor the security of their partners, suppliers and supply chains.
In Australia, cyber incidents reported to be caused by current employees increased by 5%, while incidents attributed to current and former service providers, contractors and consultants were down by 17% and 19% respectively.
PwC Australia’s national cyber leader, Steve Ingram, told SmartCompany many SMEs think a cyber attack is “too fanciful, too dramatic or too strange” and the attitude he encounters is “it won’t happen to me”.
But Ingram says it is likely most SMEs have actually suffered an attack on their business already, whether they are aware of it or not.
“It’s easy to be scared but there is an opportunity for SMEs in this space – we know how to drive down the highway safely but we don’t have that intuitive sense with the internet yet, we just do it blindly,” he says.
Ingram says fears over the security of systems like cloud storage are misplaced.
“The cloud, if you set up properly, can be as secure as other systems,” he says.
“So many breaches don’t target systems, they target people.”
Protection alone is not enough, according to Ingram.
“The Great Wall of China doesn’t work and a firewall doesn’t work, you need it but you need to do more,” he says.
“You have to educate people and have a system that detects breaches. You then need to have in place a plan with how to deal with an incident.”
Ingram says cyber attacks to look out for are:
1. Spear phishing: When your business systems are well secured, cyber crooks “throw something over the wall” by sending an email from a familiar source which includes a document or attachment. Within that document or attachment is a virus that deploys to your hard drive and starts the infection. Ingram says that to prevent this, employees need to know what to look out for in a spear phishing email.
2. Ransomware: Ransomware attacks involve sending an email that says a package is being dispatched, but the email includes encryption which is deployed to your hardware. “Crooks say ‘pay me $500 or I won’t release your hard drive’,” says Ingram.