Businesses’ Attitudes To Cyber Security Shifting, But More Work To Be Done
While businesses’ attitudes to cyber security are shifting, three in five small businesses believe they should be doing more to keep secure online, says CERT NZ.
According to research from the government cyber security agency CERT NZ, the majority of small businesses with an online presence understand the importance of protecting their website.
Over half (54%) of those surveyed said their organisation is concerned about cyber security, and 46%4 are trying to learn more about keeping their online business safe.
Despite this, some small businesses are not taking action to secure themselves.
Only 38% believe their business adequately invests in cyber security, and just 34% believe their business has put a lot of thought and planning into being cyber secure. Most concerning, under half (45%) have processes in place to prevent a cyber attack.
“Cyber security is a hot topic following a number of high profile attacks hitting the headlines recently, and they demonstrate no one is immune from being targeted,” says Rob Pope, Director of CERT NZ.
“The silver lining is that these events have put online security at the front of businesses’ minds, and are generating more open conversations. It’s encouraging that businesses are gaining greater awareness of the mitigations they need to put in place to minimise cyber security threats.”
CERT NZ saw a 65% increase in the number of cyber security reports made by individuals, small businesses and large organisations in 2020 compared to 2019.
“However, our research indicates businesses don’t know where to begin boosting their cyber resilience. Time and money may be a barrier, but prevention is the best and least costly form of defence,” says Mr Pope.
“A large percentage of incidents reported to CERT NZ could have been prevented simply with a long strong password and the use of two-factor authentication, which provides an extra layer of security for logins.”
Basic steps can make a big difference. Simple actions businesses can take include:
· Regularly installing updates on software and devices to prevent attackers exploiting vulnerabilities
· Backing up business and customer data on a segregated network so if it’s lost or stolen you can recover it quickly
· Having a password manager
· Enabling logging to keep records for investigative purposes
· Monitoring logs for unusual activity
· Having an incident response plan so you’re prepared if the worst happens
“As organisations are adopting digital services at pace, they may be looking to invest more into their cyber security. To help business leaders and IT professionals decide where to best spend time and money, CERT NZ has created a list of the minimum cyber security requirements for businesses based on cyber related events over the previous 12 months.”
The 10 critical controls are listed on CERT NZ’s website: https://www.cert.govt.nz/it-specialists/critical-controls/
More advice from CERT NZ about how to keep your business cyber secure is available here: https://www.cert.govt.nz/business/
The online survey was conducted by CERT NZ and Colmar Brunton in two tranches, the first between 3 July to 12 July 2020, and the second from 30 November to 13 December 2020, amongst 508 businesses with less than 20 employees. This includes 274 businesses with 0 to 5 employees and 234 businesses with 6-19 employees. Results have been weighted to be representative. The figures quoted below are averages of the two tranches.
Below is a breakdown of the data used in this story.
Percentage of small New Zealand businesses that think they should do more to keep cyber secure:
Strongly agree | 18% |
Slightly agree | 40% |
Neither agree or disagree | 25% |
Slightly disagree | 7% |
Strongly agree | 3% |
Don’t know | 6% |
Percentage of small New Zealand businesses that think it is important to actively protect their website from a cyber attack:
Strongly agree | 53% |
Slightly agree | 30% |
Neither agree or disagree | 9% |
Slightly disagree | 2% |
Strongly agree | 1% |
Don’t know | 5% |
Percentage of small New Zealand businesses that are concerned about cyber security.
Strongly agree | 21% |
Slightly agree | 33% |
Neither agree or disagree | 23% |
Slightly disagree | 13% |
Strongly agree | 5% |
Don’t know | 5% |
Percentage of small New Zealand businesses that are trying to learn more about cyber security:
Strongly agree | 14% |
Slightly agree | 32% |
Neither agree or disagree | 29% |
Slightly disagree | 11% |
Strongly agree | 7% |
Don’t know | 6% |
Percentage of small New Zealand businesses that think they are adequately investing in cyber security:
Strongly agree | 12% |
Slightly agree | 26% |
Neither agree or disagree | 27% |
Slightly disagree | 18% |
Strongly agree | 9% |
Don’t know | 8% |
Percentage of small New Zealand businesses that think they have put a lot of thought and planning into cyber security:
Strongly agree | 11% |
Slightly agree | 23% |
Neither agree or disagree | 27% |
Slightly disagree | 19% |
Strongly agree | 14% |
Don’t know | 6% |
Percentage
of small New Zealand businesses that have processes in place
to prevent a cyber security attack.
Strongly agree | 13% |
Slightly agree | 32% |
Neither agree or disagree | 24% |
Slightly disagree | 13% |
Strongly agree | 9% |
Don’t know | 9% |