Companies wary of risks posed by cybercrime

News by SC Staff

Cybercrime is perceived as a major business risk to organisations with risks to IP and sensitive corporate information the main concern.

Cybercrime is perceived as a major business risk to organisations with risks to IP and sensitive corporate information the main concern.


Following a report by Finjan, the results show that corporate data, especially business and patient data, are perceived as vulnerable to theft by malware. Meanwhile respondents working in a corporate management (IT/Security) are concerned about business risks that may result from data-theft.


Respondents also claimed that data breaches could go unnoticed, with malware their business data as a greater issue than virus infections. Results also showed that companies do not have a Web 2.0 policy in place and real-time content inspection is the most suitable technology for modern threats.


Of those surveyed, 33 per cent of the respondents were convinced that their organization had never been breached by malware, while 25 per cent reported that they had been breached, with an overwhelming 42 per cent of respondents who were not sure or could not exclude a possibility of a breach due to the sophistication of today's cybercriminals and cybercrime attacks.


Yuval Ben-Itzhak, chief technology officer of Finjan, said: “It is indicative of the domination of criminal gangs in the malware and security attack business these days.


“Crimeware-as-a-service, or CaaS, represents the latest phase in the commercialization of hacking methods and tools as indicated by our Malicious Code Research Center (MCRC) report at the beginning of this year. The process of conducting criminal activities is getting even more advanced by simplification – getting straight to stolen data as a service.


“In our Q1 2008 report, we highlighted the fact that cybercriminals are deploying malware, botnets, and infected computers to provide online hacking services to anyone willing to pay - the providers themselves do not necessarily conduct the criminal activities related to the data that is being compromised.


“These services are managed remotely and include features that facilitate the installation of the crimeware program, running the service, online reporting and even offering ongoing maintenance.


“As IBM notes, the legality of the new crop of these services is questionable at best, but we suspect that we are going to see more and more of these types of ‘commercial' services emerging in the near future.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike