Security Fears for Execs Keeps Rising

Thursday, August 6, 2015 @ 01:08 PM gHale

When it comes to security, 75 percent of executives from U.S. companies, law enforcement, government agencies, other organizations and other security experts are more fearful of threats this year than in the past 12 months, a new study found.

Over 500 respondents surveyed in this year’s report, sponsored by PwC, International Data Group’s CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the Secret Service.

Working to Secure Smart Cities
Multi-Tasking Leads to Incidents: Report
Average DDoS Attack Size on Rise
Confidence, Fear Co-Exist in Security

This year’s numbers are significantly higher than last year’s, since U.S. State of Cybercrime Survey found only 59 percent of participants had concerns about cyberthreats in 2014.

“Heightened awareness and concern are well-warranted,” the report said. “A record 79 [percent] of survey respondents said they detected a security incident in the past 12 months. Many incidents go undetected, however, so the real tally is probably much higher.”

PwC said respondents reported 163 security incidents per organization on average in the last 12 months, which is an increase from 135 incidents during the prior year. Organizations with 10,000 or more employees detected 31 times more incidents than those with fewer than 1,000 employees.

David Burg, PwC’s global and U.S. cyber security leader, said this year is a “watershed year for cybercrime.” He said fighting it isn’t just a matter of increasing spending but improving information sharing.

However, only 25 percent of respondents said they were involved in industry-specific Information Sharing and Analysis Centers, or ISACs, which is the same number as the prior year. Organizations in the electricity, water, banking and finance and government sectors were more likely to participate.

But the survey said President Obama’s executive order issued in February to create new Information Sharing and Analysis Organizations, or ISAOs, should boost participation.

“Unlike today’s industry specific ISACs, membership in ISAOs will be more flexible, enabling businesses and public-sector agencies to share information specific to individual industries as well as intelligence related to geographies, issues, events, or threats,” the survey said.

The survey pointed out that a key barrier to information sharing is “a lack of a unified framework, platform and data standards. But it pointed out the Department of Homeland Security and others are working to promote specific, standardized messaging and communication formats to distribute threat intelligence and response tactics in real time.

The survey also found the most frequently cited crimes are those committed from outside an organization. It also said 31 percent of respondents had a phishing attack last year, while distributed-denial-of-service attacks are becoming more severe and ransomware is becoming more prevalent.

“Over the past year, the Secret Service saw an increase in cyber-related activity involving capable networks of transnational criminals targeting U.S. citizens and financial institutions,” Stuart Tryon, special agent in charge of the agency’s criminal investigative division, said in the release. “Currently, subjects in Eastern Europe control many of the Internet web sites buying and selling illicitly obtained credit card data.”

Click here to download the report.