Symantec Survey Reveals Phishing is a Threat to New Zealand Small Businesses
– 51 percent of respondents surveyed have been the target of a phishing attempt –
Symantec and EMA Internet Security Survey 2005
Key Findings
- 51 percent of total respondents have been the target of a phishing* attempt.
- Spam is less of an issue for small businesses than 21 months ago with 5 percent of total respondents from this survey
receiving between 51-100 spam emails per day compared with 12 percent receiving 51-100 spam emails per day in last
year’s survey with respondents receiving an average of 98 spam emails per day.
- The disruption from security threats to small businesses can cost up to $100,000. This includes lost staff time, cost
of repair, lost work and lost business.
- The top IT concerns small businesses face are security threats and IT system speed, reliability and efficiency. In
last year’s survey, small businesses’ top concerns were security and costs of upgrades, licences, security and hardware.
- Small businesses now face a variety of threats, ranging from viruses, Trojans, worms, email scams and additional
security risks. 21 months ago, top security concerns for survey respondents were limited to viruses, hackers and spam.
- The survey shows that many small businesses are using security software. 88 percent of respondents have installed
antivirus software; 77 percent have installed a firewall or an appliance; 63 percent have installed spam filtering.
However, only 53 percent have installed anti-spyware software, 26 percent intrusion prevention software and 24 percent
URL blocking.
- 56 percent of respondents have a policy to guide staff on safe internet security practices, but the majority of
respondents do not train or update staff on security on a regular basis, with 5 percent doing this weekly. Last year, 67
percent of companies surveyed had a policy in place to guide employees on safe internet security practices, while 39
percent did not keep their staff regularly updated on internet security policy.
Key Findings: Technology
- 48 percent of respondents update their operating system or apply security patches monthly and 30 percent apply patches
quarterly. Patches could be applied more regularly to improve business security.
- However, of those respondents with security software installed, 75 percent update it automatically.
Key Findings: Businesses employing 20 or less staff
Effect of security threats
- Regardless of size, small businesses are at risk of being targets of phishing attempts. 51 percent of respondents
employing 20 or less staff, and also 51 percent of respondents employing 20 or more staff said they had been a target of
a phishing attempt.
- However, 46 percent of respondents with 20 or less staff receive 1-5 spam emails daily compared with 31 percent of
respondents employing 20 or more staff receiving 1-5 spam emails daily.
- Of those companies affected by security threats, 92 percent of respondents with 20 or less staff said their business
was disrupted compared with 85 percent of respondents with 20 or more staff.
Security practices
- 69 percent of respondents employing 20 or more staff compared with 48 percent of respondents employing 20 or less
staff have a policy to guide their staff on safe internet security practices.
- 45 percent of respondents employing 20 or less staff compared with 38 percent of respondents employing 20 or more
staff do not train or update staff on their internet security policy.
- Although businesses employing 20 or more staff spend more of their IT budget on security, businesses 20 or less staff
are taking the same or better measures to protect themselves with technology:
- 92 percent of respondents employing 20 or less staff had installed antivirus software, compared with 85 percent of
respondents employing 20 or more staff.
- Automatic security software updates are just as common amongst small businesses regardless of size, with 75 percent of
respondents employing 20 or less staff and 76 percent of respondents with 20 or more staff automatically updating their
security software.
Change in Threat Landscape
Between the survey conducted in February 2004, last year and this latest survey, the threat landscape has changed to
include threats such as phishing and additional risks such as adware and spyware.
*Phishing is an attempt by a third party to solicit confidential information from an
individual, group or organisation, often for financial gain. These attempts are often conducted through a web browser
using social engineering. In many cases, the information gathered is used to commit fraudulent acts.
About the survey
The survey was conducted by Symantec and the Employers and Manufacturers Association, with 528 respondents participating
in the survey.
A total of 528 respondents took part in the survey. Manufacturing businesses accounted for 18 percent of respondents,
and 67 percent had an annual turnover of more than NZ$1,000,000. 75 percent of businesses employed 50 or less staff
members.
About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security,
availability and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more
than 40 countries. More information is available at www.symantec.com.
ENDS