- Security TWENTY
- Women in Security Awards
Concerns over hacktivism and targeted state-sponsored attacks are at the top of security-IT minds according to a new survey and research report sponsored by Bit9. The 2012 Cyber Security Survey of nearly 2,000 IT security people set out to gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night. Complete survey results can be viewed online at http://www.bit9.com/cyber-security-research-2012.
According to the survey, 64 percent of respondents believe their organisation will be the target of a cyber attack in the next six months. As to the type of attackers that are most likely to target their organisation, “Anonymous/ hacktivists” leads the survey at 61 percent, “cyber criminals” follows, and “nation states” rank third, with China ranking as the most likely actor. In addition, the vast majority (74 percent) believe that their endpoint security solutions on their laptops and desktops are not doing enough to protect their companies and intellectual property (IP) from cyber attacks.
“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicised attacks from hacktivist organisations like Anonymous, but they recognise that the more serious threats come from criminal organisations and nation states,” said Harry Sverdlove, CTO of Bit9. “Bit9’s survey highlights how the quickly changing cybercrimal landscape is impacting IT professionals worldwide and illustrates what strategies organisations are implementing to protect their core data and intellectual property from cyber security threats.”
More than half (61 percent) of respondents believe Anonymous and other hacktivist groups are most likely to target their organization – IT professionals express concern over the high-profile attacks led by hacktivist groups like Anonymous, and followed by cyber criminals (55 percent) and nation states, specifically China and Russia (48 percent). Interestingly, only 28 percent believe that disgruntled employees are the most likely to target their companies.
Sixty-two percent of respondents are most concerned about targeted attack methods – Malware (45 percent) and spear phishing (17 percent) techniques commonly used in targeted criminal and state sponsored espionage attacks are most worrisome. Concern about attack methods commonly used by hacktivists trailed: 11 percent for distributed denial of service (DDoS) and only 4 percent for SQL injection.
Seventy-seven percent of respondents – a vast majority – believe companies and employees are in best position to improve security – 58 percent of respondents said companies implementing best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security. Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security.
Only 26 percent of IT professionals feel that the security of their endpoints, laptops and desktops, is effective – The survey shows that respondents consider endpoints most “at risk.” However, even those machines that score the highest for most effective security – infrastructure servers at 40 percent and file servers at 36 percent – have been frequent targets for hackers of late.
Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public – Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed. For more on the Bit9 2012 Cyber Security Survey and to view the full survey results and research report visit: http://www.bit9.com/cyber-security-research-2012