The latest Norton SMB Cyber Security Survey of New Zealand’s small to medium businesses (SMBs) shows that almost one in five (18 percent) have been targeted by a cyber attack. These cyber attacks were costly and left SMBs with an average loss of approximately NZD$19,000 for each cyber attack.
Furthermore, SMBs that experienced a cyber attack were most likely to have been attacked within the last two years, with almost half (48 percent) having experienced an attack within the last 12 months. The main sources for these attacks came from email or phishing scams (70 percent) and hacking attempts (47 percent).
The main impact of cyber attacks on SMBs were:
- downtime (45 percent)
- inconvenience (41 percent)
- expense for re-doing work (29 percent)
- privacy breach (16 percent)
- financial loss (15 percent)
- data loss (12 percent)
Of those that had lost data in an attack, one quarter of that data (24 percent) had not been recovered.
“Small businesses dominate the New Zealand economy: 97 percent of enterprises have fewer than 20 employees and 70 percent are sole traders,” says Mark Gorrie, Director, Norton Business Unit, Pacific region, Symantec. “Collectively they employ 29 percent of New Zealand private sector workforce and account for more than a quarter of New Zealand gross domestic product. That’s a lot of employees and critical business information to protect from cybercriminals.”
Critical business information not protected
Almost a third (31 percent) of business operators surveyed do not believe they would last a week without critical business information.
Despite this, one in five small businesses (19 percent) back up their business data no more than once a month.
Meanwhile 12 percent are required to retrieve lost data such as emails or deleted files on at least a monthly basis. Most business operators (62 percent) are using external hard drives for their backups, while almost one third were using a cloud provider for their backups.
Alarmingly, 16 percent of respondents backed up to their own computer and of these, 70 percent did not back up anywhere else, leaving themselves vulnerable to complete loss of data.
“It is concerning that New Zealand small businesses are leaving themselves and their critical business information exposed and vulnerable,” said Gorrie. “When 31 percent of businesses don’t think they can last a week without their critical business information – it makes absolutely no sense not to do everything you can to protect it.”
BusinessNZ Chief Executive, Kirk Hope, said data protection was necessary for all businesses.
One fifth of small businesses have no internet security solution
The survey found that 18 percent of SMBs in New Zealand do not have an internet security solution. The main reason business operators gave for forgoing internet security was that it was not a priority for their business (31 percent).
Even those businesses with internet security are taking some risks with their critical business information. While 92 percent of PCs and 89 percent of laptops are secured, that percentage drops to 61 percent for tablets and 42 percent for mobile phones.
“Once infected, nothing matters to cyber criminals but payment – they don’t care about disruption to business or the impact on customers. Not having basic internet security in place will, given time, compromise the business. It’s time for New Zealand SMBs to make online security a business priority and even consider cyber insurance to protect them should they be impacted by a cyber attack,” said Gorrie.
SMBs Held to Ransom
Ransomware prevents or limits users from accessing their system unless a ransom is paid. Only five percent of New Zealand business operators had been affected by a ransomware attack. Of the businesses surveyed who had experienced a ransomware attack, only thirteen percent had paid the ransom, which, on average, had amounted to $1,340. Ransoms were all in US dollars. All businesses affected by a ransomware attack had received their files back after they had paid.
Two thirds of business operators said they would likely report a ransomware attack to the police. When asked if they would pay the ransom, 68 percent of business operators didn’t think they would.
“Often people don’t know what to do, don’t understand their options, and don’t have the right security in place to combat a ransomware attack – so they pay the ransom,” said Gorrie.
“Unfortunately, when local businesses pay up it fuels the proliferation of this style of attack. What people actually do when their critical business information is held to ransom is often different from what they think they’d do in that situation.”
From the Experts: Security Tips and Tricks
As attackers evolve, there are many steps businesses can take to protect themselves. As a starting point, Norton recommends the following best practices:
1. Don’t wait until it’s too late to know your business: It’s tough running a small business during the best of the times, and sometimes businesses overlook things until it’s too late. Businesses shouldn’t wait until they’ve been hit by a cyber attack to think about what they should have done to secure their information. Not only is downtime costly from a financial perspective, but it could mean the complete demise of a business. SMBs need to begin understanding the risks and the security gaps within their business before it’s too late.
2. Invest in security and backup: To reduce the risk of being impacted by a cyber attack, SMBs must implement comprehensive security software solutions such as Norton Security for Professionals or Norton Small Business for all their devices. Businesses should also use backup solutions to protect important files, such as customer records and financial information, and should consider encryption to add further protection in case devices are ever lost or stolen.
3. Keep up-to-date: Ensure all your company devices, operating systems, software and applications are always up to date with the latest versions and patches. It’s a common pitfall for many small businesses to delay software updates, but outdated software, operating systems and applications often have security vulnerabilities that can be exploited, leaving many small businesses open to cyber attacks.
4. Get employees involved: Employees play a critical role in helping to prevent cyber attacks, and should be educated on security best practices. Since small businesses have few resources, all employees should be vigilant and be educated on how to spot phishing scams, ransomware attacks and made aware of web sites they should and should not visit on their work devices. Small businesses should invest in educating employees so they become your best line of defence against cyber attacks, not your weakest link.
5. Use strong passwords: Use unique passwords for all your devices and business accounts. Change your passwords every three months and never reuse your passwords. Additionally, consider encouraging staff to use Norton Identity Safe to further protect your information and keep cybercriminals at bay. Wi-Fi networks should also be password protected to help ensure a safe working environment.
6. Consider adding a cyber insurance policy: Cyber insurance policies can cover a business for financial losses resulting from cyber attacks. Only six percent of New Zealand small businesses currently hold a cyber insurance policy. Businesses with 4-20 employees were more likely to hold cyber insurance (10 percent) than smaller businesses.
About the survey
Norton’s SMB Cyber Security survey researched business perceptions of cyber security issues including computer backup, cyber security, ransomware and cyber insurance. This report presents the summary findings from the survey comprising a national sample of 525 business owners and operators, conducted from August 2–23, 2016. The businesses participating in the survey all employed between one to 20 people and were a registered business or sole trader in New Zealand. This research report was prepared by Gundabluey Research and fieldwork was completed by Consumerlink. It has a standard error margin of +/- 4.3 percent.
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps businesses, governments and people secure their most important data wherever it lives. Organisations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton suite of products for protection at home and across all of their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.
For more information/interviews please contact:
Debbie Sassine
Symantec Corporation
+61 405 735 323
