The survey of a nationally representative panel of 1007 Australian employees found older workers were putting their businesses at risk through the use of email, with two thirds of 50 to 67-year-olds opening an email attachment from an unknown contact.
Younger workers were most negligent about updating their malware or other types of security with 43 per cent of under-30s ignoring notifications on their computer to update their security, compared with just 22 per cent of those aged over 40.
Toll Group confirmed it has been the victim of a “targeted ransomware attack” since last Friday, which led it to “immediately isolate and disable” IT systems to stop the malware from spreading, forcing it to manually process parcels.
The company has not said whether a state actor was involved.
“We’re continuing to undertake a thorough investigation and we’re working around the clock to restore normal services at the earliest opportunity,” the company said.
A senior analyst at the Australian Strategic Policy Institute’s International Cyber Policy Centre, Tom Uren, said the Australian government – through the Australian Cyber Security Centre, Scamwatch, the ACC and other organisations – should be doing more to help businesses defend against cyber attacks.
“They should produce clear working guides or ‘recipes’ about how to do simple things that will make businesses’ security more robust for a range of scenarios,” he said.
“ACSC have some resources for individuals, but they need more reach and ones targeted at small to medium businesses.
“There have been many many cybersecurity incidents that have affected Australians, and many businesses are only slowly adapting. Toll is only the latest.”
Mr Uren said in previous years the biggest risks were that data would be stolen which would only affect a business’s reputation, but now there were more direct threats to business operations.
“Data can get wiped or locked up for ransom (ransomware) or even just destroyed,” he said.
“And attackers are either directly stealing money or holding data hostage, so there are more direct monetary costs. Destroying IT systems can essentially leave businesses unable to operate nowadays.”
Cybercrime is now believed to cost Australia’s economy more than $1 billion a year, with small businesses accounting for 43 per cent of all targets.
Anthony is foreign affairs and national security correspondent for The Sydney Morning Herald and The Age.