In the last year, there has been a 60 per cent increase in ransomware attacks against Australian businesses. Now, a new report from a global risk management solutions provider reveals 68 per cent of Australian employees believe the organisation they work for is vulnerable to an attack.
The findings come from the 2021 Australian Business Assurance Report by SAI Global and based on a survey of 328 Australian employees.
Stephen Weekley, global cybersecurity expert at SAI Global, believes the COVID-19 crisis caused a dramatic shift in the way we work, exposing businesses to a greater range of risks than ever before. “Government restrictions forced many businesses to rapidly adapt to remote working models which, in turn, created a range of challenges for corporate cybersecurity. The use of home WiFi networks, virtual meetings held on video conferencing platforms, and some employees having to use their own unprotected devices left companies vulnerable to an attack.”
The survey also found that employees from smaller organisations felt less vulnerable to a cybersecurity attack: 65 per cent of those who worked for a business with under 100 employees felt vulnerable, compared with 77 per cent of those whose business had more than 501 employees. The myth that only larger businesses are the target of cyber-attacks can lead to a false sense of security for small and medium-sized businesses. Approximately 144 reports of cybercrime relating to small business were reported every day to the Australian Cyber Security Centre in 2019, costing small businesses an estimated $300m per year.
SAI Global’s research highlighted the biggest fears plaguing Australian organisations when a cyber-attack takes place. More than a third (36 per cent) of employees cited the financial losses that would occur as their biggest fear and 32 per cent said they feared the loss of intellectual property. While 18 per cent fear the loss of reputation and trust in their brand, only 7 per cent of businesses worry that they would lose customers.
To mitigate the risk of cybersecurity attacks, 47 per cent of employees say their organisation needs to ensure all staff are trained to identify and raise potential threats, while only 33 per cent say they need to ensure that cybersecurity skills and knowledge are retained within the organisation.
Employees also believe their organisation needs to improve their systems and processes to avoid a cybersecurity attack: 30 per cent agree their organisation require better processes to protect confidential information and better information security systems. Just 16 per cent of employees believe their organisation needs to have a cybersecurity insurance policy in place to help mitigate the risk of an attack.
Stephen says: “Across the board, cyber-attacks are becoming more common and sophisticated – from email phishing scams and hacktivists (hackers fighting for social and political issues) to data fraud involving disgruntled employees, and attacks on users of video conferencing services, both through data theft and unapproved access to virtual meetings. As cybersecurity remains one of the biggest risks to an organisation, management and leadership need to ensure there are systems and processes in place to protect their organisation against attacks, and that employees are aware of the organisation’s cybersecurity efforts, along with potential risks, and receive proper training.
“Not only can cyber-attacks compromise an organisation financially, but it puts confidential and important information at risk, including private customer data. Businesses would be wise to undertake a comprehensive audit of their systems and processes to identify possible threats and vulnerabilities. It is also imperative for organisations to implement an information security management system compliant with ISO 27001. This can be a critical safeguard against cyber risks, as it provides a framework for organisations to protect against data breaches and ensure the confidentiality, integrity, and availability of information.”
You can read the full report here.