SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
In-depth: Norton by Symantec explains how Kiwi SMBs lose $19,000 from cyber attacks
Mon, 13th Mar 2017
FYI, this story is more than a year old

Norton by Symantec revealed the true extent of cyber crime on Kiwi SMBs this week in a new survey that showed the average loss from a breach is $19,000.

Kiwi SMBs account for 97% of all businesses, and 70% of those are sole traders.  48% of surveyed SMBs have been hit by an attack in the last 12 months, and the number is only going to grow if businesses don't start protecting themselves.

18% of SMBs don't have internet security at all, and 31% of those think it isn't a priority for their business.

70% of cyber attacks originate from email or phishing scams, demonstrating that Kiwi SMBs have some homework to do when it comes to identifying suspicious emails. Hacking attempts account for 47% of attacks.

We talked to Mark Corrie, Norton by Symantec's Pacific territory manager about the survey, what those results mean and what Kiwi SMBs can do to fight back.

With those $19,000 losses for each cyber attack, Corrie says that the main way businesses were hit was through email phishing scams.

He says that people continue to fall for these tricks, which is why the phishing attacks are so successful. Hacking and ransomware followed close behind in the danger stakes.

Those that do use security focus on PCs (92%) and laptops (89%), but only 61% of tablets are secured and 42% of mobile phones, the survey found.

Ransomware is still the talk of the security world, but in this case only 13% of Kiwi SMBs paid ransom demands. In the cliched New Zealand vs Australia battle, New Zealand comes out on top this time.

“In Australia, 11% had suffered an impact from a ransomware attack and 34% will pay the ransom. We believe that the more people pay, the more the threats keep coming. In New Zealand, 5% identified they'd suffered an impact from a ransomware attack.

“We encourage people not to pay. They need to protect themselves and they need to back up their data,” he says.

The survey also found that downtime affected 45% of SMBs, followed by inconvenience (41%), expense for re-doing work (29%), privacy breaches (16%), financial loss (15%) and data loss (12%).

“Time can be a big thing for a business. Whether it's downtime or inconvenience from recovering money or fixing devices, I don't think a lot of businesses actually think about that.

Corrie says that data backup is important - especially those who have suffered a crypto-ransomware attack, because it's unlikely that they could recover their data. The survey found that 19% of respondents back up their data once a month.

“Clearly a lot of backing up is being done manually. Unfortunately for a lot of people it takes suffering a loss to get proactive about backing up,” he says.

16% said they never backed up at all, and Corrie believes they're taking on a lot of risk or don't believe their data is important enough to back up.

62% of business operators used external hard drives for data backups, while a third used a cloud provider.

Corrie says that it's a great sign that so many SMBs are using cloud, as it provides automated and off-site backups.

Looking back at the Norton by Symantec brand, Corrie says it has a lot of recognition.

“As this cloud transition is happening, SMBs have a bunch of endpoints that work through cloud infrastructure. The Norton product can play more in that space now, which is why we're getting more proactive with small business.

Symantec has a large enterprise base, and now the company is bringing some of that security to SMBs through Norton interface which is simpler and user friendly - important for non-technical users.

Corrie also believes that managed service providers will also be critical for SMBs, particularly those with fewer than 20 employees. They seek outside help and then retailers bring in the managed service providers (MSPs).

“They have a lot of opportunity to help small businesses through backups and security,” he says.

The company is also keeping on top of that trend, as last week it also released a product on Ingram Cloud marketplace. Corrie says it's a critical part of the business that won't be ignored.

But talking about security risks are one thing, and putting them into actionable advice is another. We asked Gorrie for some basic tips for SMBs about how to become more secure.

  • Keep your devices up to date. A lot of people put off updates, but those updates do include security patches for vulnerabilities, so we encourage people to update their devices.  
  • Passwords are another big thing. Some people are indicating that they don't have passwords on their devices and yet they access company information, so they really should have passwords on laptops, tablets and all their mobile devices as well. 
  • They should be complex - not basic ones you can remember. The other thing you see is that people use the same password on multiple accounts. We really encourage SMBs to use different passwords because if one gets hacked, it's easy to access other accounts.  
  • Staff can be your best line of defence but they can also be your weakest link. Given that we've seen most attacks are email and phishing scams. We encourage businesses to be proactive and educate their staff about what scams are out there and what they should be looking out for. If it's from an unknown source, don't click on it. Don't open that attachment or click that link.”