Symantec today released the results of its survey on the security trends and behaviours of small and medium businesses in Australia as part of National Cyber Security Awareness Week.
The survey revealed that 56% of Australian SMB respondents have been affected by a cyber threat, up from 46% in the 2008 survey. This increase can be attributed to the continued growth in both the volume and sophistication of cybercrime attacks combined with a decline in IT budgets and a reduction in the number of SMB respondents that have policies to guide staff on safe Internet security practices.
The survey also found that SMB respondents believe that cybercriminals are the most dominant security threat. Nationally, 52% of respondents rated malware created by cybercriminals as the most likely security threat to their business.
The survey also revealed that 22% of all emails received by respondents were spam and some 23% of SMB respondents have been impacted by a phishing scam. The average headcount for the 510 surveyed firms was 55. Assuming each employee receives 20 spam emails each business day and works 225 days a year, respondents are collectively having to find time to delete nearly 250,000 spam emails a year.
“Cybercrime is a warranted concern for Australian small and medium businesses. In 2009, Symantec identified more than 240 million distinct new malicious programs globally, a 100% increase over 2008[1],” said Craig Scroggie, vice president and managing director, Symantec, Pacific region. “Our research shows that cybercriminals are continuing to threaten Australian businesses and it’s now more important than ever for Australian SMBs to protect their information by investing in educating their staff, developing security policies and deploying a comprehensive security solution across the business.”
Australian Small and Medium Businesses Doing More With Less
The survey revealed a slight decrease in IT expenditures among the SMBs surveyed. Average spending in 2009 declined slightly to $130,000, compared to approximately $140,000 in 2007, with cost emerging as the dominant concern preventing companies from upgrading their security and data protection tools and practices. Another notable change, was that 73% of SMB respondents have a policy to guide staff on Internet security practices compared to 83% in 2008.
“We hypothesize that slight revenue declines caused by the global financial crisis may have forced SMBs in Australia to do more with less and as a result they may have made security and data protection less of a priority. The survey findings suggest that SMBs have relaxed their defenses at a time when cybercriminal activity has become more prevalent,” said Steve Martin, director, SMB, Pacific region, Symantec.
While 87% of businesses surveyed have an Internet security solution installed, only half of the respondents have a comprehensive protection suite that includes an integrated antivirus software, spam filtering and firewall solution. Most respondents have one or more of these solutions. Only a small percentage (6%) of respondents are not keeping their security software subscriptions up to date.
“These findings indicate that some SMBs are trying to be more effective with their security practices. However the remaining 50 percent of SMB respondents are still using point solutions that are not cost effective and put them at increased risk of cyber attacks. It is recommended that small and medium businesses deploy more than just point solutions such as standalone antivirus technologies and consider integrated security solutions that provide the right level of protection without compromising on price. A proactive approach to security and data protection minimises the risk of losing confidential information and shields businesses from cyber attacks,” added Martin.
Signs of Improvement
The survey did show some signs of improvement. Most Australian businesses surveyed have recognised the importance of security and data protection to their business by automating these two tasks. Nearly two-thirds of respondents use security software that automatically updates itself to protect against new threats, while almost a third have adopted backup practices that see new data backed up as soon as it is created.
“It is encouraging to see that Australian small businesses are not leaving protection of their computers and data to chance, with nearly one third of SMB respondents deploying continuous, automated backups. For Australian businesses to be using continual data protection already suggests they have a refined understanding of the risks that come with lost data and have invested wisely to protect themselves,” said Martin.
Notable trends highlighted in this year’s survey include:
Thirty-one percent of SMB respondents rate social networks as a likely security threat. Whilst the number of businesses who saw social networking as a security threat remained flat at 31%, the percentage of those that weren’t sure doubled from 6% to 12%. This suggests that businesses are thinking more about this medium but still don’t fully understand the implications. In addition, the perception of threats posed by mobile devices is also steady.
Catastrophic failures – not user error – was the source of data loss for SMB respondents. Fifteen percent of businesses have lost data in last 12 months that they could not recover and five percent did not know if they had lost data at all. Primary reasons for the loss were hardware failure or systems corruption at 58%; lost or stolen devices at 12 percent; virus infection at 11%; physical break ins and natural disasters at 7% each.
A majority of SMB respondents will use Windows 7 by the end of 2010. Just 12 percent of respondents reported using Windows Vista as their main desktop operating system, while 57% continue to use Windows XP and 18% are already using Windows 7. Forty-five percent of respondents plan a move to Windows 7 during 2010.
The survey also showed that responsibility for IT security has shifted slightly from sole responsibility to joint responsibility at 66% this year, up from 61% in 2007.
Methodology
The research was commissioned by Symantec and conducted in May 2010 by Bread and Butter Research. More than 510 IT decision makers in small to medium businesses that had five-to-200 employees in Australia were surveyed. The research sought the opinions of Australian SMBs on security and data protection through an online survey that required 15 minutes to complete.
National Cyber Security Awareness Week 2010 will be held from 6 to 11 June, 2010.
