- Malware threats, cyberattacks, and online data breaches are becoming more sophisticated and more damaging, requiring companies to continually update technology and online security protocols.
- Malware includes various malicious applications that are surreptitiously installed on a computer, smartphone or tablet, and are designed to secretly extract sensitive data or interfere with critical business operations.
- Vigilance against malware and online threats requires coordinating employee training and updated software tools.
The 2015 AFP Risk Survey found that 34 percent of companies surveyed had been subjected to a cyberattack in the last 18 months. In the face of increasingly sophisticated attacks, companies need to be more diligent about protecting their company funds, intellectual property, and nonpublic customer information. Ignoring the problem could impact a company's bottom line through lost customers, lost sales, and cleanup costs and leave the company open to litigation from customers and authorities.
Malware on the rise
More than 60,000 cyberincidents were reported by federal agencies in 2013, up from 10,000 in 20061. The average cost of a data breach increased 15 percent to $3.5 million in 2014, according to the Ponemon Institute. The most effective way to protect your company is to take steps to secure the corporate Internet connection, the network behind the firewall, and individual employee computers from malware. Some types of malware, such as adware, are more a nuisance than harmful. Others, such as spyware, can be ticking time bombs. To reduce the threat of theft or loss, companies should institute clear policies governing online security and provide training for employees.
Methods of gaining access
Cybercriminals and malware developers employ clever means to get employees to unknowingly download malware. Once installed, malware can be difficult to identify and remove. Here are some common access methods used by cybercriminals:
|Peer-to-peer network bundles
Types of risks
A single employee opening a malicious email can have broad damaging consequences for your company. The malware could download a remote access tool that secretly records a user's activity and keystrokes. The potential for negative events include:
- Theft of company funds: Cybercriminals gain banking and other account credentials and passwords through malware, allowing them to steal and transfer funds to offshore accounts.
- Theft of nonpublic customer information: Data theft is as damaging to a company as a monetary loss, due to the loss of customer goodwill and potential fines and penalties. Target Corporation is expected to face a multi-billion dollar fine as a result of the 2013 data breach impacting 56 million customers.
- Damage to company reputation: In a recent survey, 51 percent of treasurers cited reputational risk as the most severe result of theft2. Cybercriminals – individuals and malevolent organizations – are known to "wipe and release," destroying corporate data stored on networks and releasing unfavorable information to the public. It can severely damage individual or company reputations, such as happened during the attack against Sony Pictures in 2014.
- Risk of denial of service or cyberattack: Some malware are designed to take control of a computer to complete certain tasks and then spread to infect the entire company network. The processing power of so-called zombie computers can direct a denial of service attack, which cripples business operations.
Layered security is the best protection
The strongest approach to online security combines software tools, employee education, threat containment, and network monitoring to reduce risk. Together, they complement each other to create "layered security" for your organization. Here's a brief look at some best technology practices for companies today.
|Technology quick tips
Prevent account compromise or hacking on online banking systems
Protect against data loss
Establish strong network protections and technical controls
Employee education and training also play an essential role in securing critical systems and data. Companies should provide all employees with clear, practical guidance on how to protect themselves and the company against online threats.
Combating malware and online threats requires employee attention and the appropriate software tools. Protecting systems and networks through a layered approach to security provides greater peace of mind and increases the likelihood of achieving business objectives.
Have questions on how to develop or enhance your company's fraud prevention plan? We are here to help. Contact your Silicon Valley Bank Relationship Manager or Global Treasury and Payments Advisor to start a conversation about fraud prevention. Visit the Fraud Prevention Center for additional information and best practices on protecting your company.
1Source: Government Accountability Office
2AFP 2015 Risk Survey
This material is provided for informational purposes only.