Targeted attacks are on the rise and could come at great cost to organizations that haven't taken the appropriate security measures, according to a report from Kaspersky Lab.
Conducted in conjunction with B2B International, the "IT Security Risks Survey 2014" of IT professionals around the globe found that 94 percent of all organizations had suffered at least one cybersecurity incident in the preceding 12 months. And, of those, 12 percent said they had at least one targeted attack, up from nine percent reported in 2012 and 2013.
“If people want to break into your organization, they will,” Chris Doggett, managing director of Kaspersky Lab North America, told SCMagazine.com, noting that the “rewards are so much higher” and the risk is so much lower than physical attacks “that organized crime has gotten into it.”
Targeted attacks don't discriminate by company size — all organizations are at risk, the report said — but a slightly greater number of larger companies see the threat as major. The survey showed that 38 percent of companies with between 1,500 and 5,000 employees view targeted attacks as a major threat, while 39 percent of companies with more than 50,000 employees said the same. And 34 percent, representing mid-sized and small businesses, zeroed in on targeted attacks as a top priority.
Losing sensitive company data topped the list of concerns for companies of all sizes — with 34 percent of those surveyed saying that protecting that confidential information is a main problem for IT.
The high cost of a targeted attack mandates that organizations should step up security. The survey said that a single successful targeted attack could cost an enterprise $2.54 million and a small business up to $84,000. That cost includes losses suffered by the company attacked and response expenses incurred afterwards, such as loss of business investment and extra security training.
But the attacks are difficult to protect against because they defy traditional security measures such as firewalls. “Criminals can be so covert that they can stay on your system for years” without being detected, said Doggett.
Not surprisingly, the “new tool of choice for hackers is malware,” he explained.
Malware allows for multifaceted attacks that exploit a vulnerability. “The methodology and process are different but it comes down to malware,” he said, pointing to breaches at Target and Home Depot and other retailers as examples.
As with last year, organizations said the main internal risks stemmed from vulnerabilities in software programs (36 percent) while 29 percent cited unintentional data leaks as a result of employees not being familiar with IT security rules and regulations.
On the plus side, organizations have gotten much better about reporting threats and sharing information.
“The attacks have gotten so bad and the rate at which they occur is escalating, [companies] are forced to think about it,” Doggett said.