Targeted attacks are on the rise and companies that don’t take the necessary steps to secure their IT infrastructure could incur a massive financial blow, according to a Kaspersky Lab and B2B International survey.
The study found 94 percent of organizations encountered at least one cyber-security incident in the past 12 months, and of these incidents, the number of organizations that reported having at least one targeted attack rose substantially.
Twelve percent of respondents indicated that they experienced at least one targeted attack in the past year--up from the 9 percent reported in Kaspersky Lab’s 2012 and 2013 studies.
"The survey results highlight how damages from one successful targeted attack could cost a small business as much as $84,000. As a result, a targeted attack stands as one of the largest threats to a small business and can be crippling for their organization," Chris Doggett, managing director of Kaspersky Lab North America, told eWEEK. "Unfortunately, we see that many businesses of all sizes are unprepared to face a targeted attack. Small businesses also face the challenge of both a lack of resources and, in many cases, do not have an internal IT security expert with the knowledge to combat today’s sophisticated threats. As a result, it is very important for small businesses to invest in effective technology to help protect their organization."
The survey found that large companies in particular see targeted attacks as a major threat, with 38 percent of companies with 1,500-5,000 employees, and 39 percent of companies with more than 50,000 employees naming targeted attacks as their No. 1 concern.
Midsize and small businesses were only moderately less concerned, with 34 percent of the respondents naming protection against targeted attacks as a key priority.
Doggett said one of the major stumbling blocks for small businesses is that companies do not take the security knowledge they obtain and turn that insight into action by investing in technology, creating effective security policies and educating employees about cyber-security.
More than one-third (34 percent) of companies named the protection of confidential data, such as client data, financial data and other kinds of information, against targeted attacks as a key problem for IT management teams.
"It’s time for organizations to take that knowledge and use it to better secure their IT infrastructure," he said.
Doggett also explained complex cyber-espionage campaigns and APTs will continue to be battlegrounds where cyber-criminals will defeat enterprise security measures and pillage corporate assets.
"As a result, large companies will increase their emphasis on security intelligence and threat detection in the coming year," he noted. "In addition, the prevalence of cyber-espionage campaigns designed to steal intellectual property assets of large companies will increase, driving a focus on the efficacy of technologies to detect and block such attacks."