Business logic abuse

by Mark Rowe

More than one in five (22 per cent) UK businesses are losing over 5pc of their annual revenue due to business logic abuse. That is according to Silver Tail Systems Inc., a web session intelligence and behavioural analytics company, which announced the results of the 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition, conducted by Ponemon Institute.

The survey of 400 UK businesses, commissioned by Silver Tail Systems and conducted by Ponemon Institute, suggests that 90pc of organisations lost revenue in the past 12 months due to the financial or brand impact of Internet fraud. Business logic abuse, also referred to as ‘precision hacking’, results from criminals discovering a flaw in the functionality of a website and using it to steal money or confidential information, or to exploit the system for illicit gains.

Other key findings include:

– Attacks on the rise: Over half (53pc) of respondents believe that the severity and frequency of business logic abuses are on the rise, with 39pc experiencing over 10 separate incidents in the last year.

– Insufficient Resources: Only one in three (37pc) believe their company is vigilant in monitoring websites for this threat, citing a lack of sufficient technologies (67pc), budget (76pc) and personnel (66pc) as barriers to tackling the issue.

– Lack of Accountability: Although 88pc of businesses acknowledge that business logic abuse is at least as important as other security issues, the majority are not prioritising it. Results demonstrate no clear assignment of responsibility for reducing the risk of business logic abuse – almost a third (29pc) believe the CIO is responsible.

– Criminals or Customers: The majority (76pc) of IT practitioners report difficulty in distinguishing between criminals and ‘real’ customers, with 69pc stating threats are hard to detect.

– Tricky Fix: Once found, 73pc of businesses report that it is tough to remediate the effects of an attack, with over one fifth (22pc) stating it can take more than a day to fix.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, says: “We found that 76pc of IT security practitioners studied say that it is very difficult or difficult to distinguish between the ‘real’ customer and the criminal accessing their website. This indicates that companies need to implement tools and organise their internal teams to protect themselves against business logic abuse.”

Nick Edwards, vice president of marketing at Silver Tail Systems, adds: “It’s clear that business logic abuse attacks are becoming increasingly sophisticated and therefore even more difficult to detect and fix. The effects of the attacks can cripple a company in the short-term and create long-term damage to organisations’ reputations. UK companies need to put provisions in place to identify these threats and protect not only themselves, but also the customers. They need to start by monitoring the real-time data from their web traffic in order to analyse it.”

About the findings

The 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition survey was commissioned by Silver Tail Systems and conducted by Ponemon Institute in the UK in October 2012. Over 400 IT and IT security practitioners, with approximately 10 years’ IT or IT security experience, were surveyed. The majority of respondents report to either the chief information officer or the chief information security officer. Some 48pc are employed by organisations with a headcount of more than 1,000. The full UK report is available for download here: http://buzz.silvertailsystems.com/Ponemon_UK.html.

© 2024 Professional Security Magazine. All rights reserved.
