Survey: Phishing a Threat to NZ Small Businesses
Symantec Survey Reveals Phishing is a Threat to New Zealand Small Businesses
– 51 percent of respondents surveyed have been the target of a phishing attempt –
Symantec and EMA
Internet Security Survey 2005
- 51 percent of total respondents have been the target of a phishing* attempt.
- Spam is less of an issue for small businesses than 21 months ago with 5 percent of total respondents from this survey receiving between 51-100 spam emails per day compared with 12 percent receiving 51-100 spam emails per day in last year’s survey with respondents receiving an average of 98 spam emails per day.
- The disruption from security threats to small businesses can cost up to $100,000. This includes lost staff time, cost of repair, lost work and lost business.
- The top IT concerns small businesses face are security threats and IT system speed, reliability and efficiency. In last year’s survey, small businesses’ top concerns were security and costs of upgrades, licences, security and hardware.
- Small businesses now face a variety of threats, ranging from viruses, Trojans, worms, email scams and additional security risks. 21 months ago, top security concerns for survey respondents were limited to viruses, hackers and spam.
- The survey shows that many small businesses are using security software. 88 percent of respondents have installed antivirus software; 77 percent have installed a firewall or an appliance; 63 percent have installed spam filtering. However, only 53 percent have installed anti-spyware software, 26 percent intrusion prevention software and 24 percent URL blocking.
- 56 percent of respondents have a policy to guide staff on safe internet security practices, but the majority of respondents do not train or update staff on security on a regular basis, with 5 percent doing this weekly. Last year, 67 percent of companies surveyed had a policy in place to guide employees on safe internet security practices, while 39 percent did not keep their staff regularly updated on internet security policy.
- 48 percent of respondents update their operating system or apply security patches monthly and 30 percent apply patches quarterly. Patches could be applied more regularly to improve business security.
- However, of those respondents with security software installed, 75 percent update it automatically.
Findings: Businesses employing 20 or less staff
Effect of security threats
- Regardless of size, small businesses are at risk of being targets of phishing attempts. 51 percent of respondents employing 20 or less staff, and also 51 percent of respondents employing 20 or more staff said they had been a target of a phishing attempt.
- However, 46 percent of respondents with 20 or less staff receive 1-5 spam emails daily compared with 31 percent of respondents employing 20 or more staff receiving 1-5 spam emails daily.
- Of those companies affected by security threats, 92 percent of respondents with 20 or less staff said their business was disrupted compared with 85 percent of respondents with 20 or more staff.
- 69 percent of respondents employing 20 or more staff compared with 48 percent of respondents employing 20 or less staff have a policy to guide their staff on safe internet security practices.
- 45 percent of respondents employing 20 or less staff compared with 38 percent of respondents employing 20 or more staff do not train or update staff on their internet security policy.
- Although businesses employing 20 or more staff spend more of their IT budget on security, businesses 20 or less staff are taking the same or better measures to protect themselves with technology:
- 92 percent of respondents employing 20 or less staff had installed antivirus software, compared with 85 percent of respondents employing 20 or more staff.
- Automatic security software updates are just as common amongst small businesses regardless of size, with 75 percent of respondents employing 20 or less staff and 76 percent of respondents with 20 or more staff automatically updating their security software.
Change in Threat Landscape
Between the survey conducted in February 2004, last year and this latest survey, the threat landscape has changed to include threats such as phishing and additional risks such as adware and spyware.
*Phishing is an attempt
by a third party to solicit confidential information from
individual, group or organisation, often for financial gain. These attempts are often conducted through a web browser using social engineering. In many cases, the information gathered is used to commit fraudulent acts.
About the survey
The survey was conducted by Symantec and the Employers and Manufacturers Association, with 528 respondents participating in the survey.
A total of 528 respondents took part in the survey. Manufacturing businesses accounted for 18 percent of respondents, and 67 percent had an annual turnover of more than NZ$1,000,000. 75 percent of businesses employed 50 or less staff members.
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.