Here’s more evidence that you should review your company’s cybersecurity.
More than seven percent of Australian businesses surveyed by Kaspersky didn’t know if they had been targeted by cyber-attackers in 2019, the cybersecurity company reports.
The finding by The Kaspersky Global Corporate IT Security Risks Survey is yet another reminder that many businesses aren’t doing enough to protect against cyber-attacks.
“While the percentage is relatively small, the fact that there are business who don’t know they have been targeted is worrying because every business today must try to have visibility into what is going on,” says David Emm, Principal Security Researcher at Kaspersky.
The global survey received responses from almost 250 Australian businesses, including very large and small-to-medium-size organisations.
About half of the data breaches reported globally were due to employees’ inappropriate IT use –slightly higher than the proportion that reported malware infections of company devices.
That’s concerning, considering how many Australians have been working at home under reduced supervision during the COVID-19 crisis. Kaspersky warns that use of personal devices will make it harder to track cyber-threats and attacks.
“It is essential that organisations schedule basic security awareness education for employees working from home during COVID-19,” says Margrith Appleby, Kaspersky ANZ General Manager. “Cover essential practices for passwords and accounts, email security, pc security, and web browsing.”
"With more operations going digital, businesses need to protect every Windows or Linux server, Mac laptop and Android mobile device and Kaspersky Endpoint for Business can build a safer world for your business," she adds.
Cloud, mobile risks
Cloud services are another risk. About a third of Australian survey respondents had been involved in an incident involving a third-party cloud service that their employees had used in the past year.
The survey also found that lost mobile devices were another big cause of cybersecurity incidents – though only 8.5 percent of Australian participants regarded mobile device security as their most important security issue.
Appleby calls that a “significant blind spot in Australian security strategies and budgets.” She recommends treating the loss of phones and laptops as you would a credit card, by reporting it (in this case to your security person).
Cost of attacks
Ultimately, the person in charge of your business must set aside resources to address these issues, and that won’t happen if they don’t take them seriously.
“Getting business leaders involved is huge,” Emm comments. “If people directing the business understand what the potential threats are, then clearly that’s going to make a big difference in terms of the right investment made.”
We’ve written about challenging complacency about cybersecurity amongst your business’s leaders. Another tactic is to highlight the financial stakes.
The average cost of ransomware attacks around the world in 2018-19 was US$1.46 million, according to Kaspersky’s survey findings. About a quarter of Australian small businesses reported that they lost between $3,000 and $15,000 through cyber-attacks in 2019.
Emm also suggests regulating the third parties your business deals with, to minimise the risk of data breach losses, or increase the chance of recouping losses.
“It’s entirely possible your supply chain could be your weakest link,” he suggests.
And don’t forget that cybersecurity isn’t set-and-forget, Emm adds. “You need to audit. There’s still a large number of companies that don’t review their security processes very often.”
Article sponsored by Kaspersky.