SMBs are prime cyber-attack targets


Cyber-attacks cost affected small business an average of A$10,299 in 2017 – a 56% increase over 2016 said Norton by Symantec.

Its Norton SMB Cyber Security Survey Australia 2017 reveals 23% of Small to Medium businesses had a cyber-attack last year.

Some 37% of SMBs don’t think they would remain in business if denied critical information for just one week.

“For the many Australian SMBs facing a resource crunch, the cost of cybercrime is not just financial. Cyber attacks have the potential to significantly affect how a business operates. How it is perceived by customers, particularly in the event of lengthy downtime or a data breach is vital. Cyber attacks have the power to cripple SMBs, regardless of industry,” said Mark Gorrie, Director, Norton Business Unit, Symantec Pacific Region.

Ransomware is still the preferred method of cyber-attack

Given data is so valuable and lack of effective backup it is not surprising that ransomware affected 10% of SMBs and 16% paid.

Interestingly 22% of SMBs that had experienced a cyber-attack before were more likely to pay the ransom.

Back-up or crack-up

Only 32% of SMBs bother to regularly backup valuable data. Let’s not even discuss whether its real back-up that works – tested, replicable, restorable and stored off-site.

But the message is getting through – back up ‘continuously’ to an off-site location and back-up both the operating environment and data so that a restore is quick.


Internet security is no longer a luxury

Sign-ups for internet (cloud) based security protection was up 19% to 87%.

Internet security sign-ups to prevent potential threats was 60%. Some 34% believed it was simply good business practice.

Older business operators (50-59 years) were more likely to implement internet security solutions as part of good business practice.

Password protection of company devices (laptops, PCs, tablets and smartphone) was up in 2017 (80-88%). This compares to 72-82% in 2016.

There were fewer opportunities for compromise/access of sensitive information by unauthorised persons. Fewer micro-and-small business operators accessed financial data from a mobile (36%) or personal device (46%) compared to those surveyed in 2016.

A scam in sheep’s clothing

Phishing (54%) remains the primary point of cyber-attack. But, hacking (36%) is next – if a computer is exposed to the internet hackers can find and try to penetrate it.


Employees stealing, losing or compromising data was way down – education is working.

Public Wi-Fi is dangerous

40% now use VPN’s with public Wi-Fi. A further 35% will not use Public open Wi-Fi but look for coffee shops etc., that require a password.

But that leaves 25% without protection in a public Wi-Fi minefield.

Norton says you can reduce cyber-attacks

  • Don’t wait for a cyber-attack – go on the defensive and harden your cybersecurity by installing cybersecurity software
  • Invest in comprehensive backup – not a USB or external hard disk
  • Keep equipment patched and up-to-date. Too many cyber-attacks use old vulnerabilities.
  • Get employees involved – cybersecurity is everyone’s business if they want a business to employ them
  • Use strong passwords. Never share and never use convenient, obvious passwords.
  • Think about your risk and investigate if cyber insurance is a good idea

“As the financial and operational impact of cyber attacks become harder for SMBs to ignore, business owners and operators are beginning to knuckle down and get the basics right. From using passwords, two-step verification and back up, to the more complex tasks of regulating access to Company data. With the introduction of Australia’s new mandatory data breach disclosure laws, we expect more Australian SMBs will go from seeing cybersecurity as a ‘nice to have’ to a critical piece in securing the future success of their business,” said Gorrie.

GadgetGuy says Norton is right

While the report is encouraging showing uptake in SMBs adopting security measures it is still crazy that some do not have security at all.

Any internet connected device is at risk. When, not if that device is compromised, then cyber-attackers can gain access to the network and you are gone.

GadgetGuy publishes any cybersecurity messages as a public service – hopefully, it will get through to those that don’t wear a condom while undertaking risky behaviour.

If you would like to know more about Norton’s 2017 security, read GadgetGuy’s article here.