Fraudsters and cybercriminals are naturally attracted to vulnerabilities and are just waiting for those loopholes to show up. Apart from becoming more sophisticated and adopting evasive tactics, not much has changed in their modus operandi – at least according to ThreatMetrix.
The study also noted that the most common IT security attacks incurred by retail and financial institutions included malware, trojan, phishing attacks and data breaches, as well as lost or stolen mobile devices.
But while cybercriminals have traditionally attacked large financial institutions and banks, their targets are now small and less protected organizations. ThreatMetrix, a rapidly growing provider of integrated cybercrime prevention solutions, appears to confirm this trend in its 2012 State of cybercrime study.
One reason, the study noted, could be the fact that as these trojans are readily available, fraudsters prefer to use the same line of attack on online retailers and smaller payment processors. Whereas banks are pretty familiar with these modes and are prepared, less sophisticated organizations just don't have the right tools to face the onslaught.
This could be attributed to the fact that companies, small or big, tend to get complacent over a period of time and just don't bother to update their arsenal to counter security attacks of a more sophisticated nature.
"Cyber security and fraud prevention too often seem like insurance – once a company implements a strategy, it is never thought of again unless an attack occurs," said Andreas Baumhof, chief technology officer at ThreatMetrix.
During a security breach, both company and consumer data is compromised, but as this doesn't happen every day, they’re lulled into a false sense of complacency that prevents them from making significant changes to their IT security systems.
What’s even more alarming is that almost one-third of organizations that have been attacked continue as before as if nothing ever happened, and less than one in five respondents updated their security systems following a breach.
Baumhof cautions companies and urges them to update their cybersecurity platforms regularly to keep the technology relevant. These businesses must understand the frequency of such threats and adopt a holistic cybercrime approach that might deter fraudsters from coming back.
In essence, the question is not “will they attack,” but “when will they do so?” At that point, companies will perhaps rid themselves of this state of complacency and regard security threats as realities that can happen at any time.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, Jan 29- Feb. 1 in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.