Over 90 percent of companies around the world have reported attacks on their systems over the past twelve months. In many countries, attacks on major corporations, in particular, are hitting the headlines. But even small companies and online retailers are popular targets for cybercriminals. In such cases, these attacks center primarily on the theft of intellectual property, or blackmail, with companies being forced to pay up or go out of business. A secure IT structure is, therefore, vital in protecting both your valuable data and your business.
According to current analyses, small and medium-sized companies make particularly popular attack targets for online criminals because of their ideas and innovations. Data loss, security gaps in technology, downtime and corporate espionage aren’t just expensive; they can also threaten the very existence of SMEs, with targeted attacks of this kind resulting in the very highest damages. According to a survey carried out by market research company B2B International as part of its “Global Corporate IT Security Risks: 2013” study on behalf of security provider Kaspersky Lab, small and medium-sized companies found themselves with average damages of 70,000 euros as a result of targeted attacks. This included 55,000 euros in direct costs to plug data leaks, legal costs, lost profits and costs resulting from interruptions or restrictions to business. A further 15,000 euros are needed for preventive measures, like investments in hardware and software, training, and other methods designed to prevent similar occurrences in the future.
Fiscal Damages—The Sky’s the Limit
In major corporations, direct damages incurred due to cyberattacks cost, on average, a good 1.6 million euros. A further 170,000 euros are spent on follow-up activities. The damages incurred vary not just due to the size of the organization, but also due to the industry and business model. In this era of e-business and e-commerce, many companies are open around the clock. If a cyberattack causes system downtime in a company in which IT not only supports business processes, but actually controls them, a total meltdown can occur: production and delivery come to a standstill, goods don’t leave the warehouse, customers can’t order or pay. The costs for missed working hours – which vary by hourly rate and number of employees affected – are just a rough starting point for the damage caused. Other cost factors include reputational damage, angry customers and contractual penalties for late deliveries—something that is not unusual in the automotive industry. “In industries in which the entire business model relies on IT, system outages can be incredibly expensive,” explain Kaspersky Lab experts. According to calculations by the US market research company Contingency Research, the costs of downtime caused by a Distributed Denial of Service Attack (DDoS) to a major online store, for example, are over 100,000 dollars an hour. For a banking data centre, the per-hour figure can be 2.5 million dollars while, for an online brokerage firm, it can be as much as 6.5 million dollars per hour.
In a study carried out for HP by market researchers Techconsult, experts calculated the tidy sum of 25,000 euros per hour of downtime for business-critical systems in German SMEs. The study also showed that the amount of damages varied according to the size of the company affected: while companies with fewer than 500 employees suffered damages of only around 20,000 euros per hour of downtime, the figure for companies with more than 1,000 employees was around 40,000 euros per hour.
In Focus: Attacks on Networks
According to Kaspersky Lab, targeted attacks do the most damage. They are, however, by no means the most common threat to companies. According to the study, just five percent of cyberattacks reported in Germany are targeted ones, while 25 percent involve hacking corporate networks. This type of attack can also have tremendous financial consequences: major corporations report an average of 1.3 million euros in financial damages. For SMEs, the figure is an average of 55,000 euros.
Threats are not always external, however. Corporate data can also be vulnerable to security breaches from inside. According to the study, one in five companies has to deal with internal data leaks, for example through employees sending emails containing confidential or sensitive information. The security vulnerabilities caused by the use of mobile end devices—keyword BYOD—also pose a tremendous challenge to companies. According to Kaspersky Lab, vulnerabilities in corporate software are, at 39 percent, the leading cause of cyberattacks. If these vulnerabilities are discovered and exploited by criminals, the costs to major corporations can be a good half-million euros. Small and medium-sized companies are affected, on average, to the tune of 46,000 euros.
How Can Companies Protect Themselves?
As targeted attacks perpetrated against corporations by cybercriminals are carefully and professionally engineered, conventional antivirus software alone is insufficient. Instead, far-reaching proactive measures are necessary. Here are five tips from the Kaspersky experts:
1. Invest in security—and thus in the future of your company. “Investing in security solutions is considerably cheaper than losing business through attacks, or paying PR companies to repair a damaged reputation,” explain Kaspersky Lab experts.
2. Use professional security solutions. Cybercriminals are professionals, too. They invest a great deal of money and time in developing and distributing viruses, trojans and spyware. According to Kaspersky Lab, over 200,000 new malware samples appear every day, so it is very important for small companies to install a security solution. The new third version of Kaspersky Small Office Security helps a business owner with just basic computer literacy to centrally manage the company’s entire infrastructure, for example by setting each employee’s individual permissions and access restrictions for internal resources and for specific sites or whole categories of websites (e.g., social networks). Security settings can also be adjusted remotely for each computer or mobile device used in the company. Up to 25 Small Office Security licenses are available for every business, and each license covers both a PC (on Windows) and a mobile device (on Android). Thus, 10 licenses de facto provide protection for twenty user devices. Its new features include Safe Money to protect online banking, Enhanced Mobile Device Support, Automatic Exploit Prevention, Password Manager and Online Backup, along with Web Policy Management, Data Encryption and File Backup, and Central Management, which help small businesses stay ahead of modern security challenges.
3. Control mobile devices. Using mobile end devices poses a tremendous risk. If a company allows its employees to use such devices, these should be centrally managed, controlled and protected.
4. Create security guidelines and train your employees. Without systematic security guidelines, the situation is chaotic. And employees often (unwittingly) act as accomplices to cybercriminals. In order to prevent this, they should have the risks explained to them, be appropriately trained and be required to follow regulations.
5. Think holistically. The range of corporate IT threats is a wide one, and there is no “silver bullet” solution which protects against everything. Innovative software can provide tremendous security—“but remain alert!”