Yesterday I wrote about a survey that found an overwhelming percentage of top executives and board members don't pay much attention to corporate security concerns. Perhaps if they see what a lack of security can do to the bottom dollar, they will take more notice of security needs.
A new study by Ponemon Institute and sponsored by Check Point Security has found that the cost of a targeted attack on a company costs an average of $200,000 to investigate, to recover the brand's reputation and to invest in security technologies. On top of that, the survey revealed, the cyber crooks are motivated by financial fraud. The study, which interviewed IT practitioners in the U.S., UK, Germany, Hong Kong and Brazil, stated:
While respondents may have different perceptions about which cyber risks are most detrimental to their businesses, they all agree that the primary goal for cybercriminals is financial fraud and/or access to the company's financial records. In the U.S. and UK, financial gain is followed by theft of customer data. Approximately five percent of security attacks are motivated by political or ideological agendas.
So, basically, attacks like those made by Anonymous - attacks to make a statement - are just a drop in the bucket, but make all the headlines. The primary security problems that businesses need to be aware of are targeted malware attacks. As PC Magazine pointed out:
Advanced persistent threats (APT) and nation-state attacks also dominate security news, but overall, 43 percent of respondents said SQL injection, where malicious code is entered into a Web form and executed on the database back-end, was the most serious type of attack against their organizations in the past two years. While US-based respondents named APTs as the second most serious type of attack, the executives from other regions were more concerned about botnet and malware infections.
Again, the numbers aren't insignificant here. The report found that, on average, companies are facing 66 attacks a week (in Germany that average is 82). Yet, only 64 percent of companies have any kind of training or awareness programs in place to help prevent targeted attacks.
For an SMB, the costs of a cyber attack can be financially damaging. For larger corporations, the financial risks can also be great. The time has come to realize that cyber crime is big business and needs to be treated as such. As Tomer Teller, researcher at Check Point Software Technologies, said in Help Net Security:
Cybercrime has become a business. With bot toolkits for hackers selling today for the mere price of $500, it gives people insight into how big the problem has become, and the importance of implementing preemptive protections to safeguard critical assets.