SYDNEY, Australia – 8 June 2010 at 12.0am (AEST) – Symantec Corp. (Nasdaq: SYMC) today released the results of its survey on the security trends and behaviours of small and medium businesses (SMBs) in Australia as part of National Cyber Security Awareness Week. The survey revealed that 56 percent of Australian SMB respondents have been affected by a cyber threat, up from 46 percent in the 2008 survey. This increase can be attributed to the continued growth in both the volume and sophistication of cybercrime attacks combined with a decline in IT budgets and a reduction in the number of SMB respondents that have policies to guide staff on safe Internet security practices.
The survey also found that SMB respondents believe that cybercriminals are the most dominant security threat. Nationally, 52 percent of respondents rated malware created by cybercriminals as the most likely security threat to their business.
The survey also revealed that 22 percent of all emails received by respondents were spam and some 23 percent of SMB respondents have been impacted by a phishing scam. The average headcount for the 510 surveyed firms was 55. Assuming each employee receives 20 spam emails each business day and works 225 days a year, respondents are collectively having to find time to delete nearly 250,000 spam emails a year.
"Cybercrime is a warranted concern for Australian small and medium businesses. In 2009, Symantec identified more than 240 million distinct new malicious programs globally, a 100 percent increase over 2008 1," said Craig Scroggie, vice president and managing director, Symantec, Pacific region. "Our research shows that cybercriminals are continuing to threaten Australian businesses and it's now more important than ever for Australian SMBs to protect their information by investing in educating their staff, developing security policies and deploying a comprehensive security solution across the business."
Australian Small and Medium Businesses Doing More With Less
The survey revealed a slight decrease in IT expenditures among the SMBs surveyed. Average spending in 2009 declined slightly to AUD$130,000, compared to approximately AUD$140,000 in 2007, with cost emerging as the dominant concern preventing companies from upgrading their security and data protection tools and practices. Another notable change, was that 73 percent of SMB respondents have a policy to guide staff on Internet security practices compared to 83 percent in 2008.
"We hypothesize that slight revenue declines caused by the global financial crisis may have forced SMBs in Australia to do more with less and as a result they may have made security and data protection less of a priority. The survey findings suggest that SMBs have relaxed their defenses at a time when cybercriminal activity has become more prevalent," said Steve Martin, director, SMB, Pacific region, Symantec.
While 87 percent of businesses surveyed have an Internet security solution installed, only half of the respondents have a comprehensive protection suite that includes an integrated antivirus software, spam filtering and firewall solution. Most respondents have one or more of these solutions. Only a small percentage (6 percent) of respondents are not keeping their security software subscriptions up to date.
"These findings indicate that some SMBs are trying to be more effective with their security practices. However the remaining 50 percent of SMB respondents are still using point solutions that are not cost effective and put them at increased risk of cyber attacks. It is recommended that small and medium businesses deploy more than just point solutions such as standalone antivirus technologies and consider integrated security solutions that provide the right level of protection without compromising on price. A proactive approach to security and data protection minimises the risk of losing confidential information and shields businesses from cyber attacks," added Martin.
Signs of Improvement
The survey did show some signs of improvement. Most Australian businesses surveyed have recognised the importance of security and data protection to their business by automating these two tasks. Nearly two-thirds of respondents use security software that automatically updates itself to protect against new threats, while almost a third have adopted backup practices that see new data backed up as soon as it is created.
"It is encouraging to see that Australian small businesses are not leaving protection of their computers and data to chance, with nearly one third of SMB respondents deploying continuous, automated backups. For Australian businesses to be using continual data protection already suggests they have a refined understanding of the risks that come with lost data and have invested wisely to protect themselves," said Martin.
- Thirty-one percent of SMB respondents rate social networks as a likely security threat. Whilst the number of businesses who saw social networking as a security threat remained flat at 31 percent, the percentage of those that weren't sure doubled from 6 percent to 12 percent. This suggests that businesses are thinking more about this medium but still don't fully understand the implications. In addition, the perception of threats posed by mobile devices is also steady.
- Catastrophic failures – not user error – was the source of data loss for SMB respondents. Fifteen percent of businesses have lost data in last 12 months that they could not recover and five percent did not know if they had lost data at all. Primary reasons for the loss were hardware failure or systems corruption at 58 percent; lost or stolen devices at 12 percent; virus infection at 11 percent; physical break ins and natural disasters at 7 percent each.
- A majority of SMB respondents will use Windows 7 by the end of 2010. Just 12 percent of respondents reported using Windows Vista as their main desktop operating system, while 57 percent continue to use Windows XP and 18 percent are already using Windows 7. Forty-five percent of respondents plan a move to Windows 7 during 2010.
- The survey also showed that responsibility for IT security has shifted slightly from sole responsibility to joint responsibility at 66 percent this year, up from 61 percent in 2007.
Top Tips for Australian Small and Medium Businesses
Symantec recommends the following tips to help SMBs stay safe online:
- Develop a security and data protection plan that defines the procedures, guidelines and practices for securing and managing your information.
- Implement a comprehensive and integrated security solution that reduces spam, is more than just antivirus technology and will safeguard the business from external threats, internal threats and information loss.
- Educate staff to avoid clicking on suspicious links in email, IM messages or on social networking sites.
- Use strong passwords that have at least eight characters and combine alphanumeric and special characters.
- Combine security and backup and recovery software technologies to deliver complete information protection and keep desktops, servers and applications running smoothly in case of disruption.
National Cyber Security Awareness Week 2010 will be held from 6 to 11 June, 2010. More information can be found at: http://www.staysmartonline.gov.au/
The research was commissioned by Symantec and conducted in May 2010 by Bread and Butter Research. More than 510 IT decision makers in small to medium businesses that had five to 200 employees in Australia were surveyed. The research sought the opinions of Australian SMBs on security and data protection through an online survey that required fifteen minutes to complete.