Financial Fraud Tops List of Threat Motivators
In a new research report conducted by the Ponemon Institute released today, nearly 2 out of 3 respondents (65 percent) say financial fraud is the motivating factor behind targeted threats. That’s followed by “intent to disrupt business operations” and “stealing customer data” (both at 45 percent); just 5 percent of attacks are believed to be politically or ideologically motivated.
According to The Impact of Cybercrime on Business, cybercriminals are believed to prefer SQL injections for inflicting their most serious security damage during the last two years. One-third of respondents said they experienced advanced persistent threats (APTs; 35 percent), botnet infections (33 percent), and denial of service (DoS) attacks (32 percent).
Those attacks can be costly: participants estimated that a single successful targeted attack costs them, on average, $214,000. German respondents put the figure at $300,000 per incident, and Brazilian respondents said the average was closer to $100,000. The costs “include variables such as forensic investigation, investments in technology, and brand recovery costs,” according to the report.
What I found most disturbing was that organizations report that they face 66 cyber attacks each week on average; in Germany and the U.S. the average is closer to 82 and 79 attacks, respectively. That’s still a huge number.
Looking at internal threats, respondents put mobile devices (smartphones, laptops, and tablets) at the top of their “greatest risk” list, followed by social networks and removable media devices (for example, USB sticks). Furthermore, respondents believe that, on average, 17 percent of their systems and mobile devices are already infected by a cyberattack of some kind (the figure is 11 percent for the U.S. and 9 percent for Germany).
Most enterprises are using firewalls and have taken intrusion prevention measures, but fewer than half say they use advanced protection in fighting botnets and APTs. However, the majority of organizations in Germany and the U.S. are beginning to deploy solutions more specific to addressing cyber-risk, such as anti-bot, application control, and threat intelligence systems.
Training is good but there’s room for improvement. “Only 64 percent of companies say they have current training and awareness programs in place to prevent targeted attacks,” the report revealed.
Internet security firm Check Point Software Technologies sponsored the study, which compiled responses from more than 2,600 business leaders and IT “practitioners” in the U.S., UK, Germany, Hong Kong, and Brazil. The full report is available at no cost; no registration is required.
-- James E. Powell
Editorial Director, ESJ
Posted by Jim Powell on 05/22/2012