The numbers are stark and quite scary. Small businesses, like those that make up the bulk of our economy, are the next big target for cybercriminals, and unfortunately many aren't ready to defend themselves against cyber attacks.
In New Zealand, we like to think that we're safe from the web-based security threats that larger countries face. Cyber crime has only become a mainstream focus in the last few months after Prime Minister John Key announced an increase in Kiwi business being targeted by foreign hackers. Some said he was scaremongering. He wasn't; he is right.
A report from the National Cyber Security Centre (part of GCSB) showed that cyber attacks on New Zealand businesses are on the rise, mainly from hackers operating out of China and Asia.
Our experience supports that. As a company that protects small- to medium-sized businesses from cyber criminals, we see attempted intrusions every day. One unlikely target we work with (an Auckland-based engineering company) registered at least 273 intrusion attempts in a two-week period in August. A real estate company with multiple locations on the South Island registered 1,156 in only seven days.
Further, we were able to record and track the IP addresses corresponding to those attempts. Across both businesses, the most common point of origin was China.
SMEs need to be wary. Cyber crime is here, and it's big business. A study issued last month by the antivirus company McAfee estimated cyber crime costs the global economy $500 billion each year, making it the third most profitable criminal enterprise in the world after piracy and drug trafficking.
Unfortunately, there is a perception that only the big companies have to worry but that's not the case. As the threat of hacking has become better understood and larger companies have beefed up their IT security, fraudsters have had to look for easier pickings. That means SMEs are increasingly becoming the targets of choice.
Worldwide, targeted cyber attacks were up 42 percent last year, according to a study by Internet security giant Symantec. Not surprising, the data showed that nearly one in three attacks were aimed at companies with fewer than 250 employees.
A recent study of cybersecurity in the United States found that even though a staggering 83 percent of SMEs have no formal cybersecurity plan, most believed they were safe from cyberthreats such as hackers, viruses and malware. That's not just naive, it's dangerous.
Hackers aren't breaking into networks just for the thrill. Modern cyber criminals are highly polished professionals out for financial gain. They want your credit card data, intellectual property or 'secure' passwords.
Governments aren't immune either. Across the Tasman, hackers have been wreaking havoc on Australian businesses and government departments. Our company is aware of at least three incidents of 'ransomware', where hackers remotely installed software on a businesses' computer system that encrypted data and made their information unusable. The hackers then demanded a ransom be paid to unlock it.
Earlier this year, the Australian government was forced to disclose that hackers were able to access and download the new building designs for the Australian Secret Intelligence Service. This attack, on top of high levels of credit card fraud, has forced Australian lawmakers to act. They're now in discussions to implement a mandatory data breach disclosure law, which will require organisations to make public any data breaches that could result in 'serious harm'.
Here there is less clarity around the prevalence of breaches. Without disclosure requirements, most data breaches are simply swept under the carpet, leaving the public unaware their information or data was compromised.
Privacy Commissioner Marie Shroff said New Zealand is lagging behind other countries in implementing these types of safeguards, and that's a serious concern. She labeled the situation, the 'Wild West'. We agree.
While you might see scattered reports of hacking, New Zealanders are largely in the dark when it comes to understanding the threats we all face. Despite this, research shows more than 75 percent of Kiwis are worried about a data breach or deliberate hacking of their credit card data. However, until that concern translates into action, the public is likely to remain uninformed. And that's exactly what the fraudsters want.
The message for business, particularly those drafting Annual Plans at the moment is simple: cyber crime is real and it's here. If you haven't looked at your IT security, do so now. Respected business publication Forbes estimated 60 percent of SMEs hit by hackers are out of business in less than a year. Can your business afford to be next?
Bill Farmer is the CEO of Mako Networks, a Kiwi company that provides security for small and multi-site businesses against cyber crime and credit card fraud, across the US, Europe and NZ.