We often think of malware as being designed to sit beneath the radar, collecting data in stealth mode, for the purposes of fraud or corporate espionage. Increasingly however, we’re witnessing attacks on corporations designed to cause substantial economic losses via wholesale destruction.
For example, the Shamoon malware that recently hit Saudi Arabia-based Aramco (the world’s largest oil company) and RasGas (a Qatar-based gas company) corrupted files on tens of thousands of workstations, overwriting the Master Boot Records.
These malware attacks, which may well have targeted website vulnerabilities, resulted in destruction on an industrial scale. At Aramco, IT professionals were forced to replace 30,000 PCs and laptops. RasGas meanwhile, had to shut down all email communications, and the company’s website was forced offline.
In the face of what looks like a new destructive strategy, how secure are the websites of corporate America? We asked 100 IT managers working in small, medium and large companies in the United States.