More than half of the 500 respondents (58%) to the 2010 CyberSecurity Watch Survey believe they are more prepared to prevent, detect, respond to or recover from a cybercrime incident compared to the previous year. However, only 56% of the participants have a plan for reporting and responding to a cybercrime.
The public may not be aware of the number of incidents because almost three-quarters (72%), on average, of the insider incidents are handled internally without legal action or the involvement of law enforcement. However, cybercrimes committed by insiders are often more costly and damaging than attacks from outside.
“Based on our experiences with a variety of clients in different sectors, we actually think the situation is even worse than first glance,” said Ted DeZabala, principal, Deloitte & Touche LLP and national leader of Deloitte’s Security & Privacy services. “We believe that most cybercrimes go unreported, not because they are handled internally, but rather because they are never detected in the first place. This is a proverbial ‘tip-of-the-iceberg’ situation, and the implications are significant.”
According to the respondents, there are several security measures that are more effective in protecting an organization from a cybercrime. When trying to deter a criminal, businesses should be:
1. Conducting periodic penetration tests of their systems
2. Implementing periodic security education and awareness programs for their employees
3. Delivering regular communication about security from senior management.
The research also finds that businesses are taking steps to identify insider threats. Nearly one-third (32%) of survey respondents now monitor the online activities of employees who may be disgruntled or who have turned in their resignations. In this severe recession, security risks have increased among employees who have been fired or laid off.
“While nothing is a guarantee in deterring cybercrime, implementing a strong protective barrier and providing employees with best practices is the key to protecting your organizations’ assets,” said Bob Bragdon, publisher of CSO magazine. “Most organizations have taken these attacks more seriously, and now fewer are being targeted; however, the threats are constantly changing so organizations must communicate, adapt and respond appropriately to a very fluid situation. With more than half of the respondents still concerned about cybercrime, it appears that investments and proactive behavior will continue to be a priority in IT security.”