Malware's Heavy Toll on Business
Businesses are increasingly being targeted in cyber-thieves' stealthy attacks, with the toll running the gamut from lost productivity to heavy financial burdens.
According to the United States Federal Bureau of Investigation's Computer Crime Survey, released in 2006, approximately 79 percent of all enterprise PCs in the U.S. are infected with some form of spyware at any given time.
All signs indicate that the problem will continue to escalate unless businesses practice better preventative security measures. Reports from Gartner predict that by 2008, 40 percent of organizations will be targeted by "financially-motivated cybercrime."
"The education for companies about cyber security and the types of threats out there are not being communicated effectively to executives and employees," said Ken Hamilton, president of Total Tech LLC, a technology consulting firm that helps companies use technology to secure and improve their businesses, in a Daily Transcript article.
"They do not understand what a negative impact that threat can have on the company and its employees in terms of placing assets at risk, including intellectual property, competitive information, employees' personal files and customer information."
Compromised data can result in serious repercussions for businesses, but the financial costs of attacks are just as staggering.
Large American organisations are losing an average of 2.2 percent of their annual revenue, which amounts to more than $30 million U.S., to security attacks, according to an Infonetics report on the cost of network security attacks.
Big business is not alone in feeling the heavy toll of security attacks. Small and medium-sized organizations lose about half a percent of their annual revenue to network downtime brought on by security attacks, which runs up to hundreds of thousands of U.S. dollars.
The types of security risks vary depending on the size of the business. Large organizations face denial of service attacks and server malware, while medium-sized companies are hit mostly with client malware. Small businesses are affected across the board by all three types of attacks, Infonetics reported.
And the attacks on business are so pervasive due to the varied types of threats out there.
"The entire IT infrastructure is vulnerable. The network only enables the hacker by providing the avenue of attack. Web applications are vulnerable to business process hacking. Credit agencies, export-import and financial transaction sites have all been hit by attackers who purchase limited access and then abuse the underlying business logic to steal more information than they paid for. Employees are vulnerable to social engineering attacks and bribery that could lead to stolen IP and personal data," Richard Stiennon, CMO of Fortinet, said in an interview with Moneycontrol.com.
While most organizations are working at beefing up security in this age of malware, many remain complacent. Stiennon said most of the remedial steps are taken only after a company has actually suffered an attack.
Businesses, like home users, need to be proactive in having tough security measures in place before attacks occur. Virus scanning for e-mail, protecting wireless networks with encryption, having clear policies in place for employee web use, as well as having top-notch anti-spyware software, are all critical.