Panda Security Study: Turns Out SMBs in the Fog about Online Fraud

Sixty-three percent of SMBs worry about cyber theft due to lack of knowledge on how to protect their businesses. More than 10 percent suffered at least one incident of online fraud or identity theft resulting from attacks such as Mariposa. Banks reimbursed 37 percent of the victims.

The majority of small and medium-sized businesses (SMBs) are not familiar with the banking Trojans used to attain access to and steal from their online accounts. 11 percent of SMBs reported experiencing at least one incident of online fraud. Panda Security (News - Alert) recently released key findings from an independent survey of more than 300 executives and finance professionals from SMBs across 38 industry sectors in the United States.

The study found that 52 percent of those surveyed had little or no familiarity with banking Trojans, the criminal software used to facilitate unauthorized access to a user's online banking account. Sixty-three percent said that they strongly or somewhat believed their bank would return all of the funds to their possession. In stark contrast to this perception, only 37 percent of the victims said all of the stolen funds were actually returned.

According to Sean-Paul Correll, Threat Researcher at PandaLabs, while online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size.

USA Today and the Washington Post have reported extensively on the surge of targeted attacks against SMBs, where banking Trojans are used by cyber-criminals to gain access to their highly attractive and vulnerable online bank accounts. Sophisticated banking Trojans such as URLZone enable cyber-criminals to access the accounts, potentially resulting in a single SMB losing thousands, if not hundreds of thousands of dollars.

The additional key findings from the study include that 58 percent of respondents do not have insurance to protect their business from banking fraud or identity theft, or are unsure if they have any protections in place; 64 percent of respondents have protective and/or procedural methods in place at their organizations to detect or prevent online banking fraud; 15 percent of respondents have not updated security software on all systems where online transactions are conducted or are unsure of the status of their security software.