Some recent surveys caught my attention as I was preparing to address the Business Innovation Growth council to discuss cyberattacks and what businesses should do to protect themselves.
Symantec released their Internet Security Threat Report in April providing analysis of what happened in 2009 and a look forward to help businesses prepare for the next cyber threats. From their site: "Symantec estimates that the top 10 bot networks now control at least 5 million compromised computers. Throughout 2009, Symantec saw botnet-infected computers being advertised in the underground economy for as little as 3 cents per computer." These are staggering numbers.
Verizon and the United States Secret Service collaborated on a review of approximately 900 cyber breaches. One of their findings was astonishing - 94% of the breaches they reviewed could have been caught if the victims had implemented existing tools and best practices.
The security firm, Kindsight, firm talked to 1200 people aged 18 through 55 about security. 81% of those surveyed said they were victims of computer infections. Almost a third of those infections were in the last 90 days.
Panda Security, which provides security software, did a survey of 1,500 U.S. based businesses and 13% of the companies said they do not use anti virus protection. A different survey indicates that 20% of small businesses do not use antivirus software.
The consequences for businesses that suffer an attack can be devastating:
1. Business banking accounts hacked
Talk to Hillary Machinery Inc and you will feel their pain. Cybercriminals stolen over $800,000 from their bank account. Their bank could only recover $600,000 leaving Hillary Machinery Inc with a gap of $200,000! They have filed a lawsuit against their bank.
2. Losing your customer's data & confidence
3. Theft of intellectual property - I call this the carbon monoxide of cybercrimes - silent, stealthy, and deadly
4. Loss of equipment & productivity after an infection
As we have discussed before, if you are a business customer, your bank account is not offered the same regulatory protections that consumers have for fraud (Regulation E).