McAfee’s State of Cybersecurity in Australian SMBs reveals Australian businesses are experiencing major threats to their security while one in four don’t think they’re protected at all
SYDNEY, Australia, 29 May 2013 – A survey of Australian SMBs commissioned by McAfee has found that almost two thirds (62.5 per cent) have experienced a cyber-attack in the form of a virus, worm or Trojan in the last 12 months, with over half of those impacted by these threats (51.5 per cent) claiming that their infrastructure had been attacked in this way three or more times during the last 12 months.
McAfee’s commissioned survey: “The State of Cybersecurity in Australian SMBs”, conducted in April 2013, has also revealed that just under half (46 per cent) of Australian SMBs indicated they had experienced a security breach or data loss as the result of deliberate sabotage from current or ex-employees during the past year. Of those affected, 24 per cent surprisingly revealed that they had experienced this form of breach or data loss at least three times.
On top of this, the research also presented that 25 per cent of technology decision makers in Australian SMBs aren’t confident that their organisation is adequately protected from electronic threats at all.
“Our research is a wakeup call for SMBs indicating that it’s not just the larger companies out there which are targeted by cyber-attacks, but smaller companies with a limited investment in infrastructure as well,” said Robbie Upcroft, SMB Lead at McAfee Asia Pacific. “Whether SMBs need education on the kind of threats to their business that are out there, or whether it’s something even more practical, such as a Managed Service Provider taking over their security operations, the sector appears to need all the help it can get.”
BYOD enters the fray
78 per cent of Australian SMBs now have Bring Your Own Device (BYOD) policies in their workplaces, enabling employees to purchase smart devices and use them for work tasks. As a result, 56 per cent of SMBs indicated that their employees do not have any form of Antivirus or Mobile Device Management (MDM) on their smart devices, making them – and the data on them – vulnerable. A further 18 per cent were unsure.
Aside from targeted attacks on SMBs, the increased penetration of mobile devices – at the behest of employees in many cases – is set to become a pain point for securing SMB environments with almost a quarter (24 per cent) indicating mobile device security will be their number one challenge in the year ahead.
“BYOD is a fascinating area of security as it is changing the face of IT security with the quite justifiable demand of employees to use their own devices for work purposes, that is now opening up enormous amounts of confidential business data to relatively insecure, or even totally insecure, devices,” said Mr Upcroft. “SMBs need to realise that the true price of BYOD is a lot larger than they might initially think – especially with so many making no move at all to have MDM or anti-virus on these devices holding their business data.”
Holding SMBs to ransom
Over half (58.5 per cent) of Australian SMBs were also not aware of the concept of “Ransomware”, a form of external threat where a cybercriminal blocks access to the businesses’ valuable data and charges a fee to access the information again.
Meanwhile, almost one in three (30.5 per cent) SMBs know what Ransomware is, having experienced it firsthand during the last 12 months with just over a third of this number (36.1 per cent) actually paying cybercriminals to retrieve their data.
Stop, thief!
Just under half of the SMBs surveyed (47 per cent) indicated they had experienced the theft of laptop or PC in the last 12 months. There was a similar degree of theft in proprietary information with 46.5 per cent of SMBs experiencing the theft of proprietary information via data breach. More than one in five (23 per cent) of this number indicated that this had occurred three or more times in the last year.
Good privacy is good business
A topic also covered in McAfee’s recent State of Privacy Awareness in Australian Organisations, included a discussion regarding the scheduled changes to the Australian Privacy Act. These discussions revealed many SMBs are unaware the quantum of fines (that may be imposed on entities that are subject to the Privacy Act 1998 (Cth)) will significantly increase from March 2014 onwards.
Significantly, 55.5 per cent further believe the introduction of the Australian Privacy Act changes will have no impact on their current privacy procedures.
“With the growing volume of big data being collected by Australian businesses, both big and small, the implications for protecting privacy and building customer trust are becoming more important than ever and could even be leveraged by some as a competitive advantage,” said Joel Camissar, Practice Head Data Protection at McAfee Asia Pacific. “Simply put, good privacy equals good business. With less than 10 months until the changes to the Privacy Act come into play, SMBs should seriously consider how these changes may affect their businesses.”
About the Research
McAfee’s The State of Cybersecurity in Australian SMBs research was conducted by global research firm AMI Partners across 200 Australian businesses (delineated as being businesses between 25 and 250 employees), targeting technology decision makers in telephone interviews across April 2013. The key objective of this research was to understand the different types of security threats and challenges faced by these organisations; the kind of business loss they faced; and the resulting impact to their business. This study also took a snapshot on awareness of new privacy legislation and how they will impact current security practices and policies. Quotas were set for various company sizes within SMBs and also covered the key industry verticals.
