Targeted attacks on business are starting to tick upwards: A full 94% of organizations have encountered at least one cybersecurity incident this year so far, according to Kaspersky Lab. And 12% of respondents indicated that they experienced at least one targeted attack.
In its latest study, the firm noted that that number is a significant increase from the 9% reported in Kaspersky Lab’s 2012 and 2013 studies.
Targeted attacks are much more damaging than other types of incidents, like simple spam campaigns. Damages from one successful targeted attack could cost a company as much as $2.54 million for enterprises and $84,000 for small businesses—enough to put many organizations out of business.
This takes into account both the losses incurred by the company as a result of a targeted attack as well as the repose expenses that a company will have to take on after the incident, including the loss of business opportunities (tarnished reputation, breach of contracts resulting from the incident, etc.), investment in services and solutions to prevent additional incidents, and extra security training for both IT staff and company employees.
Fortunately, awareness is growing along with the threat: Kasperky found that 38% of companies with 1,500 to 5,000 employees, and 39% of companies with more than 50,000 employees, said that targeted attacks are their No. 1 concern. Mid-sized and small businesses were only moderately less concerned, with 34% of the respondents naming protection against targeted attacks as a key priority.
Also, more than one-third (34%) of companies named the protection of confidential data against targeted attacks as a key problem for IT management teams.
But, awareness and preparedness are clearly out of sync, as the growing numbers of targeted incidents show. "The survey results clearly indicate that many businesses now recognize that the threat of a targeted attack is very real and could be very harmful for their organization,” Chris Doggett, managing director at Kaspersky Lab North America, in a statement. “However, we are seeing that the number of companies that are actually taking that knowledge and turning it into an action to protect their organization from such attacks is still alarmingly low.”
He added, “With major breaches being reported regularly now, it is critical for businesses of all sizes to make protection of their IT infrastructure their top priority, especially given the damages that arise from each successful targeted attack.”