Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report sponsored by Bit9.
The 2012 Cyber Security Survey of nearly 2,000 IT security experts set out to gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night, and according to it, 64 percent of respondents believe their organization will be the target of a cyber attack in the next six months.
As to the type of attackers that are most likely to target their organization, “Anonymous/ hacktivists” leads the survey at 61 percent, “cyber criminals” follows, and “nation states” rank third, with China ranking as the most likely actor.
Highlights from the survey include:
More than half (61 percent) of respondents believe Anonymous and other hacktivist groups are most likely to target their organization – IT professionals express concern over the high-profile attacks led by hacktivist groups like Anonymous, and followed by cyber criminals (55 percent) and nation states, specifically China and Russia (48 percent). Interestingly, only 28 percent believe that disgruntled employees are the most likely to target their companies.
Sixty-two percent of respondents are most concerned about targeted attack methods – Malware (45 percent) and spear phishing (17 percent) techniques commonly used in targeted criminal and state sponsored espionage attacks are most worrisome. Concern about attack methods commonly used by hacktivists trailed: 11 percent for distributed denial of service (DDoS) and only 4 percent for SQL injection.
Seventy-seven percent of respondents – a vast majority – believe companies and employees are in best position to improve security – 58 percent of respondents said companies implementing best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security. Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security.
Only 26 percent of IT professionals feel that the security of their endpoints, laptops and desktops, is effective – The survey shows that respondents consider endpoints most “at risk.” However, even those machines that score the highest for most effective security – infrastructure servers at 40 percent and file servers at 36 percent – have been frequent targets for hackers of late.
Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public – Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed.
“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Harry Sverdlove, CTO of Bit9.
To view the full survey results and research report, go here.