• 63 percent of SMBs worry about cyber theft, yet lack knowledge on how to protect their businesses.
• More than 10 percent suffered at least one incident of online fraud or identity theft resulting from attacks such as Mariposa.
• 37 percent of victims were fully reimbursed by banks.
Despite highly publicized cybercriminal attacks against businesses and the ongoing rise of malware perpetrated through schemes such as the Mariposa botnet recently dismantled by Panda Security and others, the majority of small and medium-sized businesses (SMBs) are not familiar with the banking Trojans used to attain access to and steal from their online accounts. In addition, 11 percent of SMBs reported experiencing at least one incident of online fraud. These statistics are some of the key findings from an independent survey released today by Panda Security of more than 300 executives and finance professionals from SMBs across 38 industry sectors in the United States.1
Conducted throughout January 2010, the study found that 52 percent of those surveyed had little or no familiarity with banking Trojans, the criminal software used to facilitate unauthorized access to a user’s online banking account. Despite the lack of understanding about malware threats, the majority of respondents (63 percent) remain concerned about online banking fraud or identity theft in their organizations.
The study also revealed a big gap between what businesses expect in the way of reimbursement from banks resulting from online fraud versus what funds are actually returned. Sixty-three percent said they strongly or somewhat believed their bank would return all of the funds to their possession. In stark contrast to this perception, only 37 percent of the victims said all of the stolen funds were actually returned. A graphic of this statistic is available at bit.ly/bYFRCz/.
“While online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size,” said Sean-Paul Correll, threat researcher at PandaLabs. “In addition, U.S. law puts the burden on business owners for keeping funds secure, rather than the banks. The majority of SMBs surveyed weren’t aware of this fact, which means they are operating with a false sense of security.”
Throughout 2009 and into 2010, mainstream publications such as USA Today and the Washington Post have reported extensively on the surge of targeted attacks against SMBs, where banking Trojans are used by cybercriminals to gain access to their highly attractive and often more vulnerable online bank accounts. These organizations, which range in size from 1 to 500 employees, typically have fewer in-house resources and budgets for IT security, placing them at greater risk of attack. Sophisticated banking Trojans such as URLZone enable cybercriminals to access the accounts, potentially resulting in a single SMB losing thousands, if not hundreds of thousands of dollars. Furthermore, destructive zombie armies, such as the Mariposa botnet that Panda recently helped shut down in an international coordinated effort with IT security firm Defence Intelligence, Spanish Guardia Civil and the FBI, continue to steal banking credentials at alarming rates.
Additional key findings from the study include:
• 58 percent of respondents do not have insurance to protect their business from banking fraud or identity theft, or are unsure if they have any protections in place;
• 64 percent of respondents have protective and/or procedural methods in place at their organizations to detect or prevent online banking fraud;
• 15 percent of respondents have not updated security software on all systems where online transactions are conducted or are unsure of the status of their security software altogether.
To download the survey, go to pandasecurity.com/homeusers/downloads/white-papers/. In addition, small business owners who feel their systems have been compromised, or who would like to learn more about the SMB study, should visit us.pandasecurity.com/criticalalert/ for additional support from a Panda Security professional.
According to the study, 71 percent of SMBs are at least somewhat likely to implement new protective or procedural methods in the future to prevent online banking fraud. Panda Cloud Protection, Panda Security’s hosted security service for endpoints and email, offers businesses the most proactive, lightweight and easy to manage protection against the threat of banking Trojans and online fraud. Managed through a central Web console that eliminates the need for IT infrastructure investment, Panda Cloud Protection can be administered internally or via an outside services provider. Like all other Panda Security products, Panda Cloud Protection utilizes the company’s Collective Intelligence technology to protect businesses against the latest threats instantaneously via the cloud. To learn more about Panda Security’s full suite of security solutions for businesses, please visit pandasecurity.com/usa/enterprise/.
1 The random survey was conducted by Conduit Systems, LLC on behalf of Panda Security in January 2010 among non-users of Panda solutions.
The sample size and distribution was 307 U.S. executives and financial managers across 38 industries in companies with fewer than 500 employees.
The survey was carried out online, through prior invitation via email.
Sample error: Sampling error calculation has been based on p=q=0.5 for a confidence level of 95%.
About Panda Security
Founded in 1990, Panda Security (pandasecurity.com) is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples per day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on PC performance. Panda Security has 56 offices throughout the globe with US headquarters in California and European headquarters in Spain.
Panda Security collaborates with Special Olympics, WWF and Invest for Children as part of its Corporate Social Responsibility policy.
Latest IT news from various domains: antivirus, software, innovation, usa, internet, business, security. Also articles and interviews.