Business Daily.
.
The Property Pack
A+ R A-

Data breaches and impacts of Covid-19 are the biggest risk for many Australian small businesses



General Manager of Kaspersky ANZ_Margrith Appleby


The shift to more cloud services and remote working in the wake of Covid-19 is exposing businesses to more cyber-risks


Data breaches and the shift to more cloud services and remote working in the wake of Covid-19 is exposing Australian businesses to heightened risk. The Kaspersky Corporate IT Security Risks Survey paints a sobering picture finding a massive 49.4% of security incidents that occurred in 2019 were through employees' inappropriate IT use. And inappropriate data sharing from mobile devices was experienced by 42.9% of the Australian businesses surveyed.


The global survey of around 5000 businesses includes almost 250 Australian enterprises and SMBs. As many businesses have been forced to quickly scramble to work from home arrangements over the past couple of weeks due to Covid-19, the rise in employees using personal technology devices will make it harder than ever to track potential threats and attacks.


“Cyber-attacks on small businesses can be devastating, we know that as many as two-thirds of SMBs that suffer a cyber-attack collapse within six months. An attack like this happening as a precursor to the impacts of Covid-19, may be too much for many Australian small businesses to recover from,” explains Margrith Appleby, General Manager at Kaspersky ANZ.


The cost of data breaches can be crippling to some businesses. The NotPetya attack in 2017 cost food giant Mondelez as much as $100M in remediation and recovery costs. But even smaller losses can be crippling. 26.4% of Australian small businesses reported that they lost between $3,000 and $15,000 through attacks in 2019.


“With an increased dependency on mobile devices, remote working using cloud applications and data being used from more locations, the risk of cyberattacks in 2020 is set to skyrocket if businesses don’t quickly close gaps in their security and focus on the way they’re using cloud services,” warns Appleby.


For Australian businesses trying to assess their threat exposure, Kaspersky’s findings show it remains a question of following the money. Based on the survey, the average cost of ransomware attacks that resulted in data breaches are $1.46M and continues to be significant because it pays.


The research found that in 2018-2019, 38.5% of respondents reported losses under $100,000, 20.9% reported losses between $100,000 and $249,000, and 19.8% reported losses up to $1million. 20.9% reported incidents costing in excess of $1M.


The survey also found that 34.8% of Australian businesses had been involved in an incident through a third-party cloud service that their employees used in the past year.


Globally, lost employee devices accounted for 42% of SMB and 47% of enterprise security incidents. However, Kaspersky found that just 8.5% of the Australian respondents ranked security issues with mobile devices as their most important security issue, despite evidence that this is a significant issue.


“Increased frequency through lost or stolen devices demonstrates the need for employees to report a loss quickly to the security team, as they would notify their bank if they couldn’t locate their credit card,” says Appleby.


Businesses also need to be cognisant of how their trading partners are dealing with security risks. The global research found that over half of all breaches (51.4%) in APAC with China in 2018 to 2019 stemmed from mobile devices, an important issue given so many Australian businesses rely on commercial relationships across the region.


“This highlights a significant blind spot in Australian security strategies and budgets that is not being addressed. If Australian businesses don’t start to take the risk of attacks over mobile devices more seriously, the velocity and value will quickly begin to escalate,” Appleby warns.


As business units adopt more cloud services in order to operate in this new and evolving world, understanding where critical organisational data is and how it’s secured is becoming more complex. But, despite this rise in complexity, the report showed that Australian businesses are less likely to use outsourcers than the rest of the world. According to Kaspersky’s findings, just 39.7% of Australian businesses are looking to outsource IT infrastructure and processes to third parties in the coming year, compared with almost 43% of businesses in the UK, and over half of businesses in the US and the rest of the APAC region including China.


It is essential that organisations schedule basic security awareness education for employees working from home during Covid-19. Cover essential practices for passwords and accounts, email security, pc security, and web browsing. With moreoperations going digital, businesses need to protect every Windows or Linux server, Mac laptop and Android mobile device and Kaspersky Endpoint for Business can build a safer world for you,” advises Appleby.



About the research


The Kaspersky Corporate IT Security Risks Survey 2019 report can be found at: https://go.kaspersky.com/rs/802-IJN-240/images/GL_Kaspersky_Report-IT-Security-Economics_report_2019.pdf

Business Daily Media