A new report has found that an alarming number of Australian businesses are being cyber attacked over email, with more than 90% reporting an email-based ransomware attack, business email compromise or spear-phishing attack last year. At the same time, they are lagging in cyber security training for staff.
Small businesses are facing an unprecedented threat of cyber attacks according to a study by security software company, Symantec.
Although it’s usually only stories about hacking into large national and international companies that make the news, Symantec reports that 52.4% of “phishing” attacks last December were against SMEs – with a massive spike in November.
One attack the report highlighted, concerned a small car dealership, that lost $23,000 when hackers broke into its network and swiped bank account information. The hackers added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some of the transfers could be cancelled.
Increasingly, cyber thieves view SMEs as easy, “soft targets” because too often they have bank accounts with thousands of dollars, a false sense of security about not being targeted, and customers’ credit card information, and other vital data that hackers can easily sell on the black market.
Attacks on these small businesses are made worse because more than 80% of this sector of the business landscape do not have any formal cyber security plan, and up to 70% have no plan at all.