An extensive survey of businesses shows that cyberattacks are a growing threat to corporations of all kinds. Companies consider safeguarding their networks to be critically important to their business, resulting in substantial costs.
As more employees work remotely and use mobile phones for work, the risks are growing and security is getting harder to implement. Those are some of the conclusions of Symantec’s 2011 State of Security Survey, where Symantec surveyed more than 3,300 companies about the security threats they face. There’s no surprise in the report, but it reinforces the notion that companies need to pay more attention to cyber threats.
“Cyber security is once again top of mind for a lot of CEOs,” said Ashish Mohindroo, senior director of product marketing at Symantec, said in an interview. “It has always been a top-three concern for operations executives and chief information officers. But the awareness is high because of all of these breaches. The companies feel more vulnerable than in the past.”
About 71 percent of the companies surveyed reported that they have been attacked in the last year. About 21 percent saw the frequency of attacks increasing and 25 percent saw the attacks as somewhat to significantly effective.
Some 92 percent of those attacked saw losses including downtime, intellectual property theft, and customer credit card info loss. About 84 percent of attacks led to actual costs. About 20 percent of the businesses said they had lost at least $195,000 as a result of attacks.
“That’s a big disruption to the business and it takes a long time to recover from reputation loss,” Mohindroo said
As noted in a recent McAfee report, high-profile “hacktivist” groups such as Anonymous and LulzSec have changed the landscape by drawing a fine line between attacks for personal gain and attacks meant to send a message. There were roughly 20 major hacktivist attacks in the second quarter alone, mostly due to the alleged activity of LulzSec.
Companies said they are getting better at fighting the war on cyberattackers. Many suffered damages in cyberattacks, but more respondents reported a decline in the number and frequence of attacks compared to 2010. Spam has been reduced, thanks to the take-downs of some big bot nets such as Rustock.
Half of the respondents said they could still do more to secure their networks and assets. So they are increasing their cybersecurity staffing and budgets. About 46 percent are increasing security staffing and 38 percent are increasing security system budgets.
Mohindroo said that some of the drivers of the attacks are new, such as social networking as a vector for finding vulnerabilities. More attacks are personally targeting individuals as well. For instance, hackers can get your name or email address and send a message with a malware payload to one of your trusted friends.
“If you tell your friends that you are going to a conference, the attackers would discover that and craft a message saying they saw you there,” Mohindroo said.
And incidents such as the Wikileaks episode should remind companies that employees are often the perpetrators of cyberattacks against company networks.
The majority of the companies interviewed had more than 5,000 employees, and 1,200 of the respondents were high-level employees. The survey was conducted from April to May.