Businesses Underestimating the Threat of Web-based Attacks

Malware is becoming more subtle and used by criminals in blended attacks for stealing data. However, many businesses do not realise the threat has changed, according to a new survey
 
May 17, 2011 - PRLog -- Malware has evolved significantly in recent years, and estimates of the increase in annual volumes range from 50% to 100%.

As well as the increase in volume, malware is becoming harder to detect and more subtle in its functionality, and the methods by which it is distributed are also causing concern. Websites are now the most popular attack vector and the objective is data theft, be it employee or customer data or intellectual property.

Legitimate sites are being used to distribute malicious code, snaring unwary visitors into downloading viruses and giving away information. In addition we are witnessing more and more attacks that use Facebook and Twitter as a vector.

Business publication Computing, in association with software vendor Symantec, surveyed 150 business decision makers in order to understand their view and experiences of web attacks. The survey also asked how organisations protect their data, their brand and their customers from phishing attacks or hacks of their corporate website.

A massive 79% of the survey respondents reported that their systems have been infected with malware. 41% reported phishing attacks with 32% suffering other forms of “social engineering” or deceptive attacks, leading to malware being downloaded onto their networks.

The survey revealed that at least one in ten businesses websites have been compromised in one way or another. Imagine a high street in which one in ten shops has been broken into, with the thieves stealing customer information, credit card details, names, addresses, dates of birth and so on and you start to appreciate the scale of the problem. For these firms their shop window has become an open door. A further 12% did not know whether they had been compromised or not, or were not prepared to say.

So, how did these businesses discover their website had been compromised? Worryingly only a quarter reported that their IT security systems detected the breach before serious harm was done. More common was the situation in which the website had been obviously defaced. Often this defacement was reported by customers rather than staff – hardly a desirable situation.

Computing asked what systems respondents had in place to alert them in the event of a website compromise

34% of respondents have their website scanned regularly (usually daily) as part of the service provided by either the certificate authority (CA) or web security vendor. However, in excess of 35% of respondents have no formal system in place and 27% rely on scheduled penetration testing. Penetration testing (often put in place for compliance requirements) will pick up compromises but it is usually performed quarterly or bi-annually. This means that a website breach could lie undiscovered for months silently siphoning off corporate assets.

The survey illuminates a remarkable blind spot. While the threat of malicious code being spread by websites was listed as the number one concern, very few of the respondents saw their own website as being at risk of becoming vector for malware – music to the ears of the virus writer!

Read the full report: http://www.ithound.com/abstract/computing-white-paper-web...

# # #

Incisive Media is one of the world's leading B2B information providers, serving the financial and professional services markets globally.
End
Source: » Follow
Email:***@incisivemedia.com Email Verified
Tags:Virus, Malware, Social Networking, Identity Theft, Trojan, Data Theft, Website, Organised Crime
Industry:Computers, Security, Internet
Location:England
Account Email Address Verified     Disclaimer     Report Abuse
Page Updated Last on: May 18, 2011
Incisive Media Ltd News
Trending
Most Viewed
Daily News



Like PRLog?
9K2K1K
Click to Share