Menlo Park, CA – October 2, 2012 – Silver Tail Systems, Inc., the leader in web session intelligence and behavioral analytics, together with independent research firm, Ponemon Institute, today announced the results of the Web Session Intelligence & Security Report: Business Logic Abuse Edition. The survey, which included participation from over 600 IT professionals, comes on the heels of reports of attacks on several major financial institution websites last week. According to 88 percent of survey respondents, business logic abuse is equally or more important than any other security issues facing their company today, yet the web traffic visibility, people and processes to adequately deal with the problem are largely non-existent in most companies today.
Business logic abuse occurs when criminals exploit functionality used by legitimate visitors of a website to perpetrate cyber attacks, hacks or fraud. The impact of this type of attack is widespread with 90 percent of the organizations interviewed reporting revenue losses due to business logic abuse. Compounding the problem is the fact that 74 percent say it is difficult to distinguish between the “real” customer and a criminal accessing the company website.
“Business logic abuse is growing in sophistication and precision, with hackers and criminals using the same features as a ‘good’ user to commit their attacks and cover their tracks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Clearly IT security practitioners are concerned with the amount and frequency of business logic abuse that their company’s face each day, but our research also shows that most do not feel adequately equipped to defend against such attacks.”
Additional key findings include:
• Material top line impact – Two-thirds of respondents say their organizations lost between one percent and four percent in revenue as a result of business logic abuse and approximately 25 percent say their organizations lost more than five percent.
• Lack of solutions – Nearly 70 percent believe they do not have the necessary technology to deal with the problem. Having real-time visibility into website traffic is a key component to detect this type of abuse, however more than 50 percent of respondents report that this functionality isn’t incorporated into their current security posture.
• Lack of personnel and clear ownership – Nearly two-thirds of respondents do not have sufficient in-house personnel to deal with business logic abuse and more than 20 percent believe no one person or function in the organization has overall responsibility for protecting against business logic abuse.
“This research casts a bright light on a problem that the market has been wrestling with but has struggled to successfully address,” said Nick Edwards, vice president of marketing at Silver Tail Systems. “Many organizations represented in the study have experienced multiple incidents of business logic abuse and in order to protect their users and their organization they need real time visibility and intelligence to understand the nature of their web traffic.”
The Ponemon Institute's “Web Session Intelligence & Security Report: Business Logic Abuse Edition” commissioned by Silver Tail Systems, drew responses from 643 IT security practitioners in the United States, with approximately 10 years IT or IT security experience. Surveys were completed in September 2012, and the corresponding report provides important insights about organizations’ ability to stop or quickly detect business logic abuse. A comparable study was conducted in the United Kingdom and the findings are presented in a separate report.
The full U.S. report is available for download here. An infographic which explores a variety of business abuse scenarios as well as an executive video brief by Dr. Ponemon on the results of the study can also be found here.
About Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, please visit www.ponemon.org.
About Silver Tail Systems, Inc.
Silver Tail Systems, a leading provider of web session intelligence and behavioral analytics, is protecting some of the world’s leading websites against mobile and online fraud and cybercrime. Silver Tail Systems' award-winning solutions are made possible by the unmatched expertise of its management and technology teams, who bring deep experience, know-how and personal commitment to protect their customers' businesses against online fraud. For more information, visit Silver Tail Systems at www.silvertailsystems.com.