Successful cybercrime attacks cost businesses an average of $214,000 per incident, according to a survey conducted by the Ponemon Institute on behalf of Check Point Software Technology.
The survey of 2,618 C-level executives and IT security administrators in the US, UK, Germany, Hong Kong, and Brazil revealed that 65% of respondents who experienced targeted attacks said the hacker’s motivation was driven by financial fraud, followed by intent to disrupt business operations (45%) and stealing customer data (45%). Despite the surge in hacktivist attacks, only 5% of security attacks were estimated to have been driven by political or ideological agendas, according to the survey.
“There are people all along the eco-system that are making money from these attacks”, Fred Kost, head of product marketing at Check Point, told Infosecurity. “We are seeing a much more advanced cyber crime element where attacks are financially motivated, so they are able to put more resources into attacks because there is a big pay off”, he observed.
Respondents reported SQL injections as the most serious security attacks experienced in the last two years, and around one-third of respondents said they experienced advanced persistent threats (35%), botnet infections (33%), and denial of service (DoS) attacks (32%). “We are seeing a big concern about SQL injections, which is playing out in some of the high-profile attacks we’ve seen”, said Kost.
When asked to rank employee activities that pose the greatest risk, all regions cited the use of mobile devices – including smartphones and tablet PCs – as the biggest concern, followed by social networks and removable media devices such as USB sticks.
“We see the use of social networks increasingly becoming a security concern for organizations. If I am interacting with people on a social network that I trust, I might say or do things that I might not with a stranger. So if an attack can use the trust built into the social network, that creates a lot of risk”, Kost observed.
While the majority of companies have important security building blocks in place, such as firewall and intrusion prevention products, less than half of companies surveyed have advanced protections to fight botnets and advanced persistent threats.
However, the majority of organizations in Germany and the US are beginning to deploy products more specific to addressing cyber risk such as anti-bot, application control, and threat intelligence systems, the survey found.