UK cyber attacks driven by fraud, says Ponemon Institute

Financial fraud is the motivating factor behind 63% of targeted cyber attacks on UK businesses, reveals a study by the Ponemon Institute

Financial fraud is the motivating factor behind 63% of targeted cyber attacks on UK businesses, a study by the Ponemon Institute has revealed.

This is followed by customer data (48%) and intellectual property theft (46%), while only 2% of security attacks were thought to have been driven by political or ideological agendas.

UK businesses are also reporting 68 attempted cyber attacks a week, with successful attacks costing businesses an average of £144,000, according to the Impact of Cybercrime on Business report commissioned by security firm CheckPoint.

Estimates include variables such as forensic investigation, investments in technology and brand recovery costs. But the biggest consequences of targeted attacks were the loss of sensitive data and the disruption of business operations, respondents said.

The study, which polled more than 500 C-level executives and senior IT staff in the UK, found SQL injection (SQLi) attacks were the most serious type of attacks in the past two years, according to 55% of respondents. This was followed by web-based malware infections (35%), advanced persistent attacks and denial-of-service attacks (29%).

When asked to rank employee activities that pose the greatest risk, most respondents cited the use of mobile devices - including smartphones and tablet PCs - as the biggest concern. This was followed by remote access to the network, removable media devices such as USB sticks and social networks.

While most companies have important security building blocks in place, such as firewall and intrusion prevention systems, less than half of UK companies (44%) surveyed have protections to fight botnets and advanced threats, the report said.

“Cyber crime has become a business. With bot toolkits for hackers selling today for just $500, it gives people insight into how big the problem has become and the importance of implementing pre-emptive protections to safeguard critical assets," said Tomer Teller, security evangelist and researcher at Check Point Software Technologies. 

The most common goal of attackers is to obtain information such as credit card data, employee records and social media login details, Teller said.

“Unfortunately, the rate of cyber crime seems to be climbing as businesses experience a surge in web 2.0 use and mobile computing in corporate environments. This gives hackers more channels of communication and vulnerable entry points into the network," said Teller.

While the types of threats and level of concern companies have may vary across regions, security awareness is rising, said Larry Ponemon, chairman and founder of the Ponemon Institute.

"Across the board, C-level executives reported high levels of concern about targeted attacks and planned to implement security precautions, technology and training to mitigate the risk of targeted attacks,” he said.

Read more on Hackers and cybercrime prevention