GENEVA — Companies — especially small and medium-size enterprises — need to strengthen their defenses and have a plan in place to deal with computer attacks ranging from denial-of-service assaults to attempts to knock sites offline, to seeking to steal trade secrets and proprietary information, a senior U.S. official said.
The warning by Christopher Painter, coordinator for cyber issues at the U.S. State Department, comes as a global study, “Internet Security Threat Report 2013,” by the California-based Symantec Corp., found that last year 50 percent of all targeted attacks were aimed at businesses with fewer than 2,500 employees.
“In fact, the largest growth area for targeted attacks in 2012 was businesses with fewer than 250 employees — 31 percent of all attacks [up from 18 percent in 2011],” it said.
The study notes each attack costs businesses an average of $591,780, and World Bank analysts estimated worldwide losses of up to $400 billion a year.
The report outlines that businesses, which covers consumer and industrial goods and services, were at the forefront of Web sites infected by malware, with 7.7 percent of the total of infected sites, and that shopping sites ranked fifth with 3.6 percent of all infected sites.
In an interview, Painter said part of a business plan against an attack should include knowing whom to contact in the law enforcement and technical communities. Firms also should take some practical standard precautions, like updating their software and making sure that their systems are patched.
“A vast number of the intrusions we’ve seen is not because of any real cleverness on the part of the hackers, it’s because the known vulnerabilities, known for some time, were not patched. They didn’t use any virus software. It makes a difference to do that. Just those basic things can go a long way into solving this problem, particularly for companies,” he said.