Another day, another scheme. Hackers are hard at work coming up with new ways to make everyone pay — from customers to businesses, and even governments. In this week’s Hacker Tracker, we take a look at the latest figures for how much cyberattacks are really costing us and how the hackers just keep coming out on top.
That’s the average amount of money a large business can end up spending for a single cybersecurity incident. For SMBs, the cost of a cyberattack comes in at around $86,500, on average.
The “Measuring the Financial Impact of IT Security on Businesses” report, conducted by global cybersecurity firm Kaspersky Lab, revealed that roughly half (49 percent) of U.S. businesses, and over half globally (52 percent), work under the assumption that their IT security will, at some point, be compromised due to a cyberattack.
Talk about a grim outlook.
But can you blame them? Cyberattacks have become a mainstream occurrence and, unfortunately, just another cost of doing business.
“The survey proves that reaction time post-breach has a direct impact on financial losses,” Vladimir Zapolyansky, head of SMB marketing for Kaspersky Lab, said in a press release. “This is something that cannot be remedied via budget increases. It requires talent, intelligence and an agile attitude towards protecting one’s business. As a security vendor, our goal is to provide tools and intelligence for businesses of all sizes, keeping in mind the difference in ability to allocate security budgets.”
Over the last 12 months, the study found that more than a third (34 percent) of U.S. businesses surveyed said they were impacted by viruses and malware resulting in a loss of productivity, while almost the same number have experienced inappropriate IT resource use by employees (32 percent). During this same timeframe, 77 percent of the businesses admitted that they have suffered between one and five separate incidents of data loss, leakage or exposure from data breaches, compared to 82 percent globally.
Cybercrime On The Consumer Side
Businesses aren’t the only one cyberthieves have their eye on.
Just like corporations and other private entities, citizens that fall victim to cyberattacks also have to deal with resulting costs and damages.
According to a survey by Zogby Analytics for Hartford Steam Boiler Inspection and Insurance Company (HSB), victims of the cybercrimes almost always had to spend money to recover from the attack, whether it was money spent to restore data or to purchase software. In 23 percent of the cases, the amount spent was between $1,000 and $5,000, while 56 percent spent less than $500.
The data revealed that more than one-third of U.S. consumers have experienced a computer virus, hacking event or some other cyberattack during the past 12 months.
“Consumers rely on smartphones, personal computers and tablets for virtually every aspect of their lives,” said Timothy Zeilman, vice president and counsel for HSB, part of Munich Re, in a press release announcing the survey results. “Their personal information is stored online, and increasingly, their home systems are connected to the internet. The threat to cybersecurity for individuals and families is significant and growing.”
Online fraud that led to theft of money or property happened to 18 percent of the survey respondents, while 11 percent faced a cyberextortion threat or demand, with 71 percent of the incidents involving demands for payment to unlock encrypted data.
Card Skimming Gets Innovative
This week, the Secret Service issued a warning to banks and ATM operators about the dangers of “periscope” skimmers — internally installed card-stealing technology that enables a pre-existing card reader to skim the magnetic stripe. These types of skimmers have been discovered at ATMs in both Pennsylvania and Connecticut.
The probe is not visible to ATM users, comes equipped with battery power and has enough storage to hold up to 32,000 credit card numbers at a time. The most at-risk ATMs seem to be those with openable lids, since they offer the easiest path to internal access.
The “good news” is that, while these devices are good for skimming card data, they don’t have access to consumer PINs. The not-so-good news — or, at least, the alarming possibility — is that these skimmers weren’t actually being used for anything but intel in preparation for a larger heist.
More Cybersecurity, More Problems?
There’s a big reason why banks may not be too happy with proposed regulations that could establish cybersecurity programs for them.
It could end up costing banks and insurers millions.
This week, New York Governor Andrew Cuomo and the top bank regulator for the state proposed requiring banks to detect and deter incoming cyberattacks to protect consumer data by implementing systems under a chief information security officer. The banks would also be required to notify New York’s Department of Financial Services of any data breach within 72 hours of the occurrence.
“This regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyberattacks to the fullest extent possible,” Gov. Cuomo said in a statement.
The motivation for the proposed regulations stems from mounting concerns that hackers are targeting Wall Street and the U.S. financial infrastructure.