The Cost of Malware and Spyware

As businesses of all sizes increasingly use cloud storage and services and incorporate the Bring Your Own Device (BYOD) approach to employee management, malware and spyware are growing threats that can financially cripple or destroy a business. While it is important to understand the true costs of these attacks on a business, it is best to start with an explanation of the difference between malware and spyware and approaches to removing them.

What are Malware & Spyware?

Malware, which is short for “malicious software”, is designed to infiltrate and damage a computer without your consent. Malware includes computer viruses, worms, Trojan horses, scareware and more. It can be present on websites and in emails, or hidden in downloadable files, photos, videos, freeware or shareware.

Spyware focuses on surreptitiously collecting information about your usage through approaches like key logging to record your keystrokes. Spyware usually doesn’t self-replicate like other forms of malware. However, like other forms of malware, spyware can cause just as much harm to a computer, a network and a business. This can have dire financial implications for a business if the spyware is able to access the business’s or its customers’ financial data.

Prevention & Removal

Various malware or spyware removal methods can be effective to differing degrees. The goal, of course, is to avoid the virus in the first place. So it’s imperative that businesses (especially small and medium-sized businesses) follow some basic rules of prevention.

Anti-malware technology is becoming more widely deployed and is fairly effective in defending against many types of malware threats. Virtually all business computers are protected by antivirus systems. These systems usually take an after-the-fact approach to protecting against new threats.

Always ensure that the latest versions of programs and operating systems are in place. Even a small network of several computers means that firewalls and antivirus programs should be constantly updated and engaged. Update your antivirus software and run a full, in-depth system scan. Be sure to regularly run programs that clean up temporary files on individual computers, such as cookies, Flash cookies, and the Java cache folder.

Cyber-criminals who employ malware that can send spam, steal credit card numbers, or provide a backdoor into the organization’s network are typically motivated by financial gain. Many businesses address their malware concerns by tightening their Internet usage policies.

Today, the threat of business data breaches has reached unheard-of proportions as cloud storage and BYOD become the norm. Spyware and malware infections driven by the proliferation of these two platforms are not all that dissimilar to the spread of viruses during the days of floppy drives.

Before the widespread use of computer networks, viruses were spread on removable media such as floppy disks. Users of the era regularly exchanged information and programs via floppies, which could have had viruses stored on them that were activated when they were accessed. Today, the same thing happens in cyberspace, albeit at a far greater pace and reach, as users utilize their own devices to access data networks or cloud storage systems via a proliferation of available networks.

What is the Cost to Your Business?

The cost of these data breaches to businesses is explored annually by many antivirus manufacturers as well as leading IT research organizations like the Ponemon Institute, a privacy and information management research firm. According to their 2014 IBM-sponsored U.S. Cost of a Data Breach Study, data breach incidents cost U.S. companies $204 per compromised customer record in 2009. Sound inexpensive?

A spyware attack may cost a small business a few thousand dollars in damages, mostly in terms of the labor cost required to remove it from machines. In cases where the spyware gains a password that can be used to infiltrate an organization’s network, the secondary damages resulting from the unauthorized access could be devastating.

Numerous studies have shown that the true costs of malware and spyware can be thousands or tens of thousands of dollars for small and medium-size businesses. Once a breach is detected, systems are often shut down for hours or days to track and rectify it, which results in a loss of revenue while employee and business expenses continue regardless of the disruption. One must also factor in lost income from clients and customers who go elsewhere to get their services and goods. No cost has been attributed here to bandwidth, liability or reputation damage.

Finally, one must consider and weigh the costs of introducing infrastructure changes that can better guard against probable future threats before they happen. While sophisticated Internet monitoring and web filtering software solutions do have their upfront costs, they should be looked at from the standpoint of future savings due to threat amelioration. Businesses and organizations must keep in mind that the cost of prevention will always be less than the cost of a cure when it comes to dealing with spyware and malware attacks.
