Silver Tail Systems, a provider of Web session intelligence and behavioural analytics, has announced the results of a survey which reveals that more than one in five (22%) UK businesses are losing over 5% of their annual revenue due to business logic abuse.
The survey of over 400 UK businesses, conducted by Ponemon Institute, says that 90% of organisations lost revenue in the past 12 months due to the financial or brand impact of Internet fraud.
Business logic abuse, also referred to as ‘precision hacking’, results from criminals discovering a flaw in the functionality of a website and using it to steal money or confidential information, or to exploit the system for illicit gains.
Other key findings include:
- Attacks on the rise: Over half (53%) of respondents believe that the severity and frequency of business logic abuses are on the rise, with 39% experiencing over 10 separate incidents in the last year.
- Insufficient resources: Only one in three (37%) believe their company is vigilant in monitoring websites for this threat, citing a lack of sufficient technologies (67%), budget (76%) and personnel (66%) as barriers to tackling the issue.
- Lack of accountability: Although 88% of businesses acknowledge that business logic abuse is at least as important as other security issues, the majority are not prioritising it. Results demonstrate no clear assignment of responsibility for reducing the risk of business logic abuse – almost a third (29%) believe the CIO is responsible.
- Criminals or customers: The majority (76%) of IT practitioners report difficulty in distinguishing between criminals and ‘real’ customers, with 69% stating threats are hard to detect.
- Tricky fix: Once found, 73% of businesses report that it is tough to remediate the effects of an attack, with over one fifth (22%) stating it can take more than a day to fix.
Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said: “We found that 76% of IT security practitioners studied say that it is very difficult or difficult to distinguish between the ‘real’ customer and the criminal accessing their website. This indicates that companies need to implement tools and organise their internal teams to protect themselves against business logic abuse.”
Nick Edwards, vice president of marketing at Silver Tail Systems, explained: “It’s clear that business logic abuse attacks are becoming increasingly sophisticated and therefore even more difficult to detect and fix. The effects of the attacks can cripple a company in the short-term and create long-term damage to organisations’ reputations. UK companies need to put provisions in place to identify these threats and protect not only themselves, but also the customers. They need to start by monitoring the real-time data from their web traffic in order to analyse it.”
The “2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition” survey was commissioned by Silver Tail Systems and conducted by Ponemon Institute in the UK in October 2012. Over 400 IT and IT security practitioners with approximately 10 years of IT or IT security experience were surveyed. The majority of respondents report to either the chief information officer or the chief information security officer. 48% are employed by organisations with a headcount of more than 1,000. The full UK report is available for download here: http://buzz.silvertailsystems.com/Ponemon_UK.html.