BIG business is being targeted by cyber-criminals in "ransomware" attacks, threatening deletion or freezing of crucial business files unless money is paid.
A new national survey of Australian big business reports that in September last year, 25 organisations reported ransomware attacks.
Releasing the 2012 Cyber Crime and Security Survey Report in Melbourne, Attorney-General Mark Dreyfus says businesses were at times reluctant to report the attacks, which were linked to organised crime.
“And of course that's the very thing that should be reported to CERT Australia, the Australian government's response team, or to the federal police, to get help and prevent the attacks occurring in the first place,” Mr Dreyfus told reporters.
The survey report found in the worst case, one business lost 15 years worth of critical business data.
With one in five major Australian businesses suffering a cyber attack in the past year, the survey reported attacks are becoming more coordinated and targeted.
It also found one third of attacks involved the theft of notebook and tablet computers or mobile devices.
“Most attacks occur from outside the business, although it appears internal risks are also significant,” Mr Dreyfus said.
The survey found that energy, defence, communications, banking, finance and water organisations are now investing more heavily in cyber security.
But it noted with concern the level of IT security some big businesses have in place.
It found only 64 per cent applied IT security standards or guidelines, less than 50 per cent had plans in place for removable storage devices such as USB memory sticks, and almost 35 per cent had IT security staff with no formal training.
More than 90 per cent of respondents deployed firewalls, anti-spam filters and anti-virus software.
Mr Dreyfus said lax security standards and training were another message for Australian businesses.
He said larger companies without specialised IT security staff would need to think, “pretty quickly I'd suggest”, about hiring people trained in the field if they wanted to protect their business.
