Companies are still slow to implement preventive strategies and only 21% of the companies surveyed have formal education programs for their employees. Even more shocking is that 63% have not performed a security assessment in the last six months.
Although cognizant of the most commonly perceived security threats and countermeasures, (The most common types of attacks and misuse as reported by the participants of the CSI/FBI survey were virus attacks, unauthorized access and web use by insiders, and denial of service attacks. Ibid) businesses relying on IT often do not address one of the most complex and potentially damaging exposures: Cyber-extortion.
This research has two goals: First, generate the first academically available statistics on the advent and threat of cyber extortion against small and medium sized businesses. Second, create immediately usable guidelines for organizations that may be "at risk" to extortion. The guidelines will describe the most common methods extortionists use against their targets, how to ready your information infrastructures against this, and what to do if you become a victim of extortion - regardless if you plan to work with law enforcement or not.