The favorite targets remained the financial services sector and healthcare. The main facilitators for these Cyber-crimes are infected web-sites – 63%, infected e-mails – 48%, “phishing” attacks – 48% and social engineering networks – 43%.

The most sought-after targets by Cyber criminals are customers’ data, personal identifiable information of customers and login/password information as well as account information while the most impacted areas are business partner/service supplier network, web services and third parties with access to data mentioned above.

66% of the respondents agree that an increase in out-of-work IT professionals will lead to more people with technical skills joining the cyber-criminal underground economy and 62% of respondents do not believe their business dedicates enough time, money and resources to locating vulnerabilities.

And the arms race is gathering pace: 41% of the respondents have indicated an increase in the technical sophistication of attacks on their network, 49% of the respondents from financial services companies have registered an increase in the technical sophistication of attacks on their customers and 63% of the respondents classify infected websites as an attack vector most likely to lead to a fraud or compromise of their customers’ online security.

In the current economic climate, the risks of internal e-Crime cannot be neglected. More than 60% of the respondents agree that the highest risks are posed by theft of customer or employee data, knowledge of weak points in business processes/systems being deliberately exploited and theft of intellectual property or business sensitive data by insiders or ex-employees.

“Not surprisingly at all, we come to the conclusion that the companies that know their security systems very well and invest more in security are less worried than those that don’t invest,” Aurelia Costache, IT Advisory Partner - KPMG in Romania said.

Malware has become very accessible, even to novice attackers. For just a few dollars you can buy or you can even rent a software product which can gather credentials data from a remote target machine.

Malware has no portability issues (PC, laptop, corporate network) due to its ever-changing architecture and automation and artificial intelligence make it very difficult for it to be detected and removed. (When new versions are available it automatically auto-updates, tries to infect the real machine if it detects that it has been installed on a virtual machine, and if it detects that it has been detected, it removes itself from the memory to avoid being captured for further analysis etc).

Social engineering attacks are still very efficient and are among the top data gathering techniques, because the information available on the Internet is so granular.

Phishing attacks are becoming more and more present in the financial services sector (according to 47% of the respondents), the major difficulty being clients’ lack of experience. Current anti-malware solutions do not offer efficient protection for end-computer security (as long as the malware runs in the same memory area as the anti-malware solution, it can stop the anti-malware solution).

Individual Internet users, followed by government and Internet service providers are viewed as contributing the least to the battle against e-Crime. This leads to a severe trust downgrade in the secure and confidential usage of Internet oriented services.

The old times when the biggest threat was the target-less Cyber-attack used only to harm businesses are now gone. Today these have been replaced by sophisticated threats against organizations or specific economic sectors. Data means money and winning or losing the Cyber-crime battle makes a difference.

“For Cyber-criminals, it does not matter any more if a security solution is in place or not for protecting companies’ systems. Now, this has no relevance at all. Cyber-criminals can easily bypass or overcome the majority of these systems and moreover they can manipulate them. The clear message emerging from this survey for executive management is to be aware that the departments responsible for protecting the business against Cyber-crime must not be on the cost-cutting list. On the contrary, the resources needed by these departments should be assured in order for them to provide a low-risk environment for the business to operate”, Aurelia Costache continued.
For this e-Crime survey, AKJ Associates and KPMG interviewed 307 people from fraud analysis, corporate information security, audit and risk management departments.
The majority of the respondents (approximately 80%) are currently working in the private sector and represent opinions from a range of industries: Financial Services, Retail, Telecommunications, Oil and Gas, Service Providers, Media, Transportation and Logistics.