Announcing the findings of “The Impact of Cybercrime on Businesses” survey, carried out by Ponemon Institute, Check Point Software Technologies revealed that 65% of the organizations which experienced targeted attacks reported that an attacker’s primary objective was to make a financial gain.
Disrupting business operations and stealing customer data were attributed as the next likely motivation for attackers, as stated by 45 % of the surveyed organizations. The report also stated that only around 5% of security attacks were driven by political or ideological agendas.
The report, which surveyed 2,618 C-level executives and IT security administrators in the US, United Kingdom, Germany, Hong Kong and Brazil across organizations of various types and sizes, showed that companies reported an average of 66 new security attack attempts per week.
Respondents in all countries stated that the most serious consequences of such attacks were disruption of business and loss of sensitive information, including intellectual property and trade secrets. Diminished reputation and impact on brand name were the least of their worries, with the exception of respondents in the UK.
Successful attacks could end up costing businesses anywhere between $100,000 and $300,000: the participants estimated the average cost of such an attack at $214,000 USD.
Tomer Teller, security evangelist and researcher at Check Point Software Technologies, was quoted in the press release as saying, “Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations, often employing highly-skilled hackers to execute targeted attacks, many of whom receive significant amounts of money depending on the region and nature of the attack.”
“For the most part, the goal of attackers is to obtain valuable information. These days, credit card data shares space on the shelves of virtual hacking stores with items such as employee records and Facebook or email log-ins, as well as zero-day exploits that can be stolen and sold on the black market ranging anywhere from $10,000 to $500,000,” he added.
While Denial of Service (DoS) attacks were seen as the type of cyber crime that posed the greatest risk to organizations, SQL injections were cited, by 43% of the respondents, as the most serious types of attack organizations had experienced in the last two years, the report stated.
Other threats cited in the survey included APTs (Advanced Persistent Threats), botnet Infections and DoS attacks cited by 35%, 33%, and 32% of the respondents respectively.
On the threats posed by activities of their employees, organizations, across all the surveyed countries, unanimously cited the use of mobile devices such as smartphones and tablet PCs as the biggest concern, followed by the use of social networks and removable media devices such as USB sticks.
Hong Kong and Brazil reported on an average the highest percentage of mobile devices infected through an act of cyber crime, at 25 percent and 23 percent, respectively. The U.S. and Germany had the lowest average of infected mobile devices and machines connected to the network at 11 percent and nine percent respectively.
The report found that for protecting themselves from these threats, a majority of organizations have instituted Firewall and Intrusion Prevention solutions. However, at the same time, less than half of the surveyed organizations have implemented the necessary protections to fight botnets and APTs.
“Cybercrime has become a business. With bot toolkits for hackers selling today for the mere price of $500, it gives people insight into how big the problem has become, and the importance of implementing preemptive protections to safeguard critical assets,” Teller stated.
It was pointed out that only 64% of companies said that they have current training and awareness programs in place to prevent targeted attacks.
“While the types of threats and level of concern companies have may vary across regions, the good news is that security awareness is rising,” Dr. Larry Ponemon, chairman and founder, Ponemon Institute, was quoted as saying in the press release.
“Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks.”
For fast DDoS protection click here.