The report found that two in every three of the businesses surveyed experienced a cyber attack, with more than three-quarters of those suffering financial losses. Although the figure was 63% for smaller businesses Steve Martin, head of SMB for the Pacific region at Symantec, said they could not afford to be complacent.
“A criminal will target a cyber attack to where they can get the most financial gain but that’s not always going to be the biggest fish: there will be smaller fish that are easier to catch,” he said. “Businesses of all sizes need to be aware that there are a huge number of attacks being attempted.”
The report stated that the three biggest protection challenges come from the emerging areas of mobile computing, social media, and the consumerisation of IT.
Martin singled out social media as a weak point businesses needed to consider in their cyber security measures. “Social media is clearly here to stay but a lot of businesses don’t quite understand the potential risks or exposures that can occur. One of the most prevalent approaches that criminals use in social media is to take a social engineering form of attack,” he warned.
He explained that a compromised identity could easily spread a bad link because friends would trust the source more readily. “‘It’s come from a good friend. I trust that friend, so I’m going to click on the link.’ That can then lead to employees visiting a website that has been compromised that could automatically download malicious code on your PC.”
Social engineering and malicious code were two of the fastest growing attack vectors, according to the report: both grew 29%, respondents indicated.
Although most businesses are “generally supportive” of social media, Martin expressed concern that they were not completely across the risks and exposures. “Staff education and awareness would be pretty important in that case,” he advised.
Australian businesses were “doing a reasonable job of keeping in front of the game”, he noted, though the deployment of polymorphic code—where viruses attack a few computers before evolving to evade traditional anti-virus software—meant the threat landscape was changing “rapidly”.
“There are a couple of key things businesses should be doing: the first one is to ensure they keep their technology patched and up to date; the second thing is to make sure that your security software is kept up to date and that you’ve installed the latest versions that you’re entitled to,” Martin recommended. “If you’re running security software that’s three years old it’s unlikely that you’re going to be protected from today’s attacks.”
Businesses ranked their concern about cyber attacks over natural disasters and terrorism.