In the last year, there has been a 60% increase in ransomware attacks against Australian businesses. Now, a new report from a global risk management solutions provider reveals 68% of Australian employees believe the organisation they work for is vulnerable to an attack.
The findings come from the 2021 Australian Business Assurance Report by SAI Global, a global specialist in risk management solutions, based on a survey of 328 Australian employees.
SAI Global global cybersecurity expert Stephen Weekley says he believes the COVID-19 crisis caused a dramatic shift in the way we work, exposing businesses to a greater range of risks than ever before.
"Government restrictions forced many businesses to rapidly adapt to remote working models which, in turn, created a range of challenges for corporate cybersecurity," he says.
Weekley adds, "The use of home WiFi networks, virtual meetings held on video conferencing platforms, and some employees having to use their own unprotected devices left companies vulnerable to an attack."
The survey also found that employees from smaller organisations felt less vulnerable to a cybersecurity attack: 65% of those who worked for a business with under 100 employees felt vulnerable, compared with 77% of those whose business had more than 501 employees.
The myth that only larger businesses are the target of cyber attacks can lead to a false sense of security for small and medium-sized businesses, the researchers state.
Approximately 144 reports of cybercrime relating to small business were reported every day to the Australian Cyber Security Centre in 2019, costing small businesses an estimated $300m per year.
SAI Global's research highlighted the biggest fears plaguing Australian organisations when a cyber attack takes place.
More than a third (36%) of employees cited the financial losses that would occur as their biggest fear and 32% said they feared the loss of intellectual property.
While 18% fear the loss of reputation and trust in their brand, only 7% of businesses worry that they would lose customers.
To mitigate the risk of cybersecurity attacks, 47% of employees say their organisation needs to ensure all staff are trained to identify and raise potential threats, while only 33% say they need to ensure that cybersecurity skills and knowledge are retained within the organisation.
Employees also believe their organisation needs to improve their systems and processes to avoid a cybersecurity attack: 30% agree their organisation require better processes to protect confidential information and better information security systems.
Just 16% of employees believe their organisation needs to have a cybersecurity insurance policy in place to help mitigate the risk of an attack.
Weekley says, "Across the board, cyber attacks are becoming more common and sophisticated from email phishing scams and hacktivists (hackers fighting for social and political issues) to data fraud involving disgruntled employees, and attacks on users of video conferencing services, both through data theft and unapproved access to virtual meetings.
"As cybersecurity remains one of the biggest risks to an organisation, management and leadership need to ensure there are systems and processes in place to protect their organisation against attacks, and that employees are aware of the organisation's cybersecurity efforts, along with potential risks, and receive proper training."
Weekly continues, "Not only can cyber attacks compromise an organisation financially, but it puts confidential and important information at risk, including private customer data.
"Businesses would be wise to undertake a comprehensive audit of their systems and processes to identify possible threats and vulnerabilities.
"It is also imperative for organisations to implement an information security management system compliant with ISO 27001. This can be a critical safeguard against cyber risks, as it provides a framework for organisations to protect against data breaches and ensure the confidentiality, integrity, and availability of information."