As the number of cyber attacks against businesses increases, the majority of small and medium-sized businesses (SMBs) are not familiar with many of the online threats they face.
A recent study of executives and finance professionals from SMBs across 38 industry sectors in the United States showed that 63 percent worry about cyber theft, yet lack knowledge on how to protect their businesses.
Conducted throughout January 2010, the independent survey released by Panda Security showed that despite highly publicized cyber attacks against businesses, most are not familiar with the banking Trojans used to attain access and steal from their online accounts. In addition, 11 percent of SMBs reported experiencing at least one incident of online fraud.
Businesses don’t appear to fully understand the financial impact these threats can have on their organizations. Sixty-three percent of organizations surveyed said they strongly or somewhat believed their bank would reimburse any funds lost resulting from online fraud. For those businesses that have been a victim of loss due to online fraud, only 37 percent said all of the stolen funds were actually returned.
“While online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size,” said Sean-Paul Correll, threat researcher at PandaLabs. “In addition, U.S. law puts the burden on business owners for keeping funds secure, rather than the banks. The majority of SMBs surveyed weren’t aware of this fact, which means they are operating with a false sense of security.”
Other key findings from the study include:
o 58 percent of respondents do not have insurance to protect their business from banking fraud or identity theft, or are unsure if they have any protections in place.
o 64 percent of respondents have protective and/or procedural methods in place at their organizations to detect or prevent online banking fraud.
o 15 percent of respondents have not updated security software on all systems where online transactions are conducted or are unsure of the status of their security software altogether.
According to the study, 71 percent of SMBs are at least somewhat likely to implement new protective or procedural methods in the future to prevent online banking fraud.
Current Federal laws require banks to reimburse individuals for such occurrences, limiting the loss to $50 if the bank is notified within two business days. Business accounts, however, do not have these protections.