Smarter Aussies reduce cybercrime cost yet ignore mobile security: Symantec

The cost of cybercrime in Australia to its 5 million annual victims is significantly lower than in other countries even though incidents are equally prevalent, Symantec has revealed in new customer research that also found a continuing lack of concern about the security of mobile devices.

The company's 2013 Norton Report surveyed 13,000 respondents in 24 countries, and found that 46 per cent of Australian adults have experienced cybercrime in the last 12 months. This was slightly higher than the global average of 41 per cent, but the average direct cost per Australian cybercrime incident in the past 12 months was pegged at just $US187 ($A196), compared with $US298 ($A313) globally.

Sean Kopelke, director of technology with Symantec Australia, told CSO Australia that the decline was likely due to both authors of ransomware "going for smaller amounts and a lower level of detection", and due to Australians becoming "a little more aware of the effects of cybercrime, and aware of the things they're having to put in place" to ensure their security online.

"We're seeing people being a little more security aware," he said.

While Symantec's consumer survey focused on end users, its conclusion of reducing cybercrime figures contradicted another recent study, by Ponemon Institute, that found that cyberattacks on enterprises have become "common occurrences" that cost an average of $US11.6 million ($A12.2) per year, up from $US8.9 million ($A9.3m) in 2012.

Symantec pegged the total cost of cybercrime to Australia at $US1 billion ($A1.005b). Yet while security incidents may be expensive for large enterprises, Australian users were ahead of the curve in avoiding casual exposure to security threats.

For example, Australians were less likely than users in other countries to commit potentially compromised information to public Wi-Fi services. Just 44% of Australians, compared with 54% overall, use public or unsecure Wi-Fi to access or send personal emails.

Just 48 per cent use public Wi-Fi to access their social networks, 27 per cent to shop online and 25 per cent to access their bank accounts – compared with 56 per cent, 29 per cent and 29 per cent, respectively, overall.

Interestingly, however, Australians were more likely to believe that online file storage services such as Dropbox and Box are safe: 55 per cent of respondents reported this belief, compared with just 50 per cent globally. Some 18 per cent of online file storage users use the same online file-storage account for both work and personal documents.

Such attitudes were creating security concerns when it came to mobiles and bring your own device (BYOD) programs. Some 32 per cent of survey respondents said their company had no policy on the use of personal devices for work, while 46 per cent of respondents said they use their personal mobile device for both work and play.

Working Australians were less likely than those in other countries to store personal information on their work devices – 19 per cent vs 27 per cent – or to access their social networks using their work device – 28 per cent vs 34 per cent. Many "still don’t understand the privacy settings" on social-network sites, Kopelke said, while many were freely handing their passwords over to other people.

"A lot of it comes down to knowledge," he said. "When you look at the social-network settings, a lot of people just find them too complicated."

Yet it was the statistics around protecting mobile devices that should scare any CSO contemplating protection of a BYOD rollout: only 53 per cent of smartphone users delete suspicious emails from people they don't know; just 46 per cent of smartphone users avoid storing sensitive files online; and 57 per cent of mobile users weren't even aware that security solutions for mobile devices exist.

With 42 per cent of respondents reporting that they don't even use basic security on their smartphones or tablets – including passwords, backup of their information or use of security software – Kopelke said the figures were worrying, especially since 21 per cent of respondents reported they had lost their mobile device or had it stolen in the past.

Recent figures from the ACMA reinforce the importance of mobile security education, with many Australians indicating that their smartphone didn't need security tools, and younger Australians showing a particularly low level of concern about malware threats.

Mobile security education has, Kopelke suggested, become critical given that its prevalence is increasing.

"It shows that while the average person understands the risks around the desktop or notebook environments and have security there, they haven’t taken those security practices across to their mobile platforms," he explained.

"It's another area that just shows why cyber criminals are going to be targeting those mobile users going forward."

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags symantec2013 Norton Report

More about CSODropboxmobilesNortonSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place