Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Almost Half of All Retail and Financial Services Organizations Were Attacked by Malware Last Year

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

About half. Nearly one out of two. Close to 50 percent. No matter how you slice it, the numbers coming out of a new ThreatMetrix™ study are pretty scary.

Sponsored by ThreatMetrix and conducted by Info-Tech Research Group, a 28,000 member global leader in providing tactical information technology research and analysis, the ThreatMetrix 2012 State of Cybercrime studysurveyed U.S. business managers and IT executives in retail and financial services organizations. It found that fully 45 percent of all retail and financial services organizations were victims of malware, Trojan and phishing attacks, lost or stolen mobile devices and data breaches.

“We’ve seen a trend this past year where fraudsters who have traditionally attacked larger financial institutions are now working their way down to less protected organizations,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Due to the fact that these Trojans are readily available, fraudsters utilize the same sophisticated Trojans used on banks and financial institutions to attack online retailers, smaller payment processors and government entities. While banks are more familiar with these types of attacks, less sophisticated organizations are less prepared and typically do not have the right tools in place to defend themselves.”

Despite the fact that both company and consumer data was compromised, less than one in five respondents made significant changes to their IT security systems – with a third just going along doing business as usual.

According to Baumhof, regular updates must be made to cybersecurity platforms every year to keep the technology relevant.

“Cybersecurity and fraud prevention too often seem like insurance – once a company implements a strategy, it is never thought of again unless an attack occurs,” said Baumhof. “Even after an attack, company owners think if they’ve operated a business for ten years as is, they do not need to change their security solutions now. The fact is, once an attack has happened, cybercriminals will keep coming back if significant changes are not made to your cybersecurity platform. The question is not if they will come back, but when.”

Knowing the frequency of cyberattacks allows companies to build a more efficient security infrastructure. Additionally, implementing a total cybercrime strategy, rather than just relying on one or two security features and doing security piecemeal, provides the best possible protection from malware, account takeover and other threats.

For more information on this study, download the full report at:

By ThreatMetrix Posted