According to a recent 2012 survey by Massachusetts-based Bit9, a company dedicated to providing trust-based security services for malware and breach detection, much of the IT industry is concerned about hacktivists. IT professionals' expectations have “Anonymous/hacktivists” leading the survey at 61 percent, “cyber criminals” following, and “nation states” ranking third, with China ranking as the most likely actor.
It’s not surprising to see Anonymous high on the list, especially because the hacktivist collective is constantly making the news for hitting poorly secured websites and other low-hanging fruit—the collective and other hacktivists are constantly involved in acting as highwaymen on the “information superhighway.” As for China, although playing nice with the US in cyberwar drills, it has been behind numerous different malware distributions and has even been accused of outright hacking in several instances.
“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Harry Sverdlove, CTO of Bit9. “Bit9’s survey highlights how the quickly changing cybercriminal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber security threats.”
Some of the highlights from the survey give an idea of what IT professionals in the US and UK see as their biggest concerns:
- Sixty-two percent of respondents are most concerned about targeted attack methods – such as malware and spear-phishing – over and above the use of DDoS;
- Seventy-seven percent of respondents – a vast majority – believe companies and employees are in the best position to improve security;
- Only 26 percent of IT professionals feel that the security of their endpoints, laptops and desktops, is effective.
Malware and spear-phishing have been on the rise—part of the reason why we at SiliconANGLE have been covering botnets, malware, and high-priority phishing attacks for HackANGLE—and they are a favored mechanism for getting behind a firewall. After all, according to legend, Troy could only be infiltrated by the Greeks via the Trojan horse. Social engineering to get malware behind the walls of cybersecurity helps invalidate all the outward-facing filters and other mechanisms that protect from external threats.
The 77% of respondents who think that employees will be the key to increasing security are absolutely correct: knowing and keeping proper information hygiene is tantamount to 90% of all security. Just as washing your hands before a meal or keeping your clothes clean can reduce illness, checking sources, not running untrusted programs, and paying attention to what you’re doing across the firewall can greatly decrease the chances that hackers get in with a Trojan horse.
It’s expected that distributed denial of service is lower on the list. After all, DDoS doesn’t exfiltrate confidential customer information that could bankrupt a company—it’s just a sudden slowdown or degradation to the service. DDoS is frustrating and causes a loss of money, but it’s temporary and it can be deflected—losing corporate secrets is devastating.
IT Industry Says: Disclose Early and Often
The road to breach disclosure presents an interesting picture, with the responding professionals weighing in extremely heavily on the “disclose now, disclose as much as possible without weakening security” side. The rampage of LulzSec and the numerous hacks and leaks caused by them displayed how much customer personal information can be easily pilfered by cyber thieves, and if companies struck by them don’t disclose, the thieves certainly wouldn’t have.
- Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public;
- Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what was stolen;
- Nearly a third (29 percent) believe a description of how the attack occurred should also be shared;
- Only 6 percent felt that nothing should be disclosed.
It’s good to see only a tiny minority agitating for no disclosure.
The fact of the matter is that after a breach it becomes a customer service issue to reveal that a breach occurred. It may not be necessary to reveal this to the public—except as part of PR damage control—but it is a pillar of customer service and a good relationship with clients to let them know early and often when a breach is discovered. There’s no reason to worry about panicking clients as much as having them discover that you knew 48 hours earlier that they were at risk and didn’t tell them.
What systems were accessed, how they were accessed, and what might have been accessible to the attackers would be extremely important information for clients to know so that they could prepare their own defenses, especially if it was authentication credentials or financial information.
Security is a multi-headed organism that starts and ends with trust.