Companies 'not ready' for cyber attacks

2012-09-19 14:25

Cape Town - Nearly half of firms globally are not prepared for cyber threats on their networks, research has shown.

Research conducted by B2B International in conjunction with security company Kaspersky Lab showed that while firms recognise the threat from cyber crime, over 40% are not actively engaged in protecting themselves from an attack.

"According to the survey, in 41% of cases the answer is 'no' - corporate infrastructure lacks the necessary protection to handle online attacks," Kaspersky Lab said.

Corporate attacks are becoming more dangerous, particularly where there are real world targets such as the Iranian nuclear facilities attacked by the Stuxnet worm and the follow-up Flame malware that had specific targets.

The firm also identified additional malware linked to the Flame virus and that development of the code went as far back as 2006.


Kaspersky said the latest analysis shows that "at least three other Flame-related malicious programs were created" but added that "their nature is currently unknown".

According to the survey, employees are not sufficiently aware of the risks of malware.

"Only 27% of business representatives had heard about the first example of the modern cyber weapon - Stuxnet; fewer still knew about the Trojan Duqu designed for the targeted collection of confidential information (13%)," said Kaspersky.

Civil servants in Taiwan were put through a mandatory internet security course after failing a company test on spam.

Nearly one sixth, or 1 000, of the New Taipei City employees opened an e-mail purporting to contain a sex video of a local celebrity.

Cyber criminals often use methods that rely on human behaviour to gain entry to otherwise secure systems.

"They send mail to executives, HR [human resources] guys, financial guys who are less technical with some interesting PDF file or Excel file, trying to give you some interesting information.

"Non-very-technical people open it and infect their computers and then it propagates inside the network," Sergey Novikov, head of Kaspersky Lab Global Research and Analysis Team told News24.

- Follow Duncan on Twitter

  • mzakes.matabata - 2012-09-19 14:54

    Corporates are heavily fortified in terms off Firewalls, IPS's and the likes, so the problem is not that they are vulnerable from online attacks but rather from social hacking and employees who are ultimately the biggest danger to a companies IT infrastructure. Stuxnet for example was placed on a Iranian scientist notebook outside their nuclear facility's via flash drive.

      kim.attree - 2012-09-19 17:13

      I would disagree, A firewall is great, but many large scale companies still have undiscovered flaws and backdoors. You can check my twitter @KimAttree for 3 x Exploits found at CELL-C a few months back...and thats one of very very many.

      mzakes.matabata - 2012-09-20 08:30

      Than they have the wrong people doing the job, these days having backdoors in your network as like not having any security at all. You can have the most advanced technology but if it's not implemented correctly you will have issues.

      mzakes.matabata - 2012-09-20 08:39

      More to the point how did they pick up the exploits? not updating you infrastructure Servers/software. you must have people that stays on top of these things.

      haig.tait - 2012-10-12 10:40

      mazkes...something called a SQL INJECTION can be used to infultrate a company..... IPS's,firewalls will not protect you..........

  • classwar.trotsky - 2012-09-19 14:59

    The Israeli's and Americans are creating the market and the solution. The Military-Industrial comlex has branched out into the IT world. Read the Shock Doctrine by Naomi Klein. Manufactured shock event = Problem = Previously Taboo Solution. The entire Homeland Security Complex was ushered in after 9/11. Convenient. It is Friedman's Chicago School of Economic Theory in action. And it is only just the beginning.

      mzakes.matabata - 2012-09-19 15:06

      As far as Flame is concerned i have to agree with you as it was developed by Israel and sponsored by the USA, but i don't think the intention was to let it spread just to cripple Iran's nuke program.

  • mzakes.matabata - 2012-10-25 16:02

    @haig.tait, that would be sloppy coding with correctly structured and syntax code SQL Injection is not that easy. Anyway most webserver these days live in a DMZ so your corporate network is protected from any such attacks.

  • pages:
  • 1