Bit9, provider of server security and protection against advanced persistent threats using an adaptive whitelisting approach, released the 2012 Bit9 Cyber Security Research Report–Kit Dotson, SiliconANGLE’s cybersecurity editor analysed the report yesterday. It tackles the number one threat that IT professionals are concerned about: Anonymous.
Anonymous is the group famous for hackitivism or politically-motivated hacking or hacking-for-a-cause. The group was even named as one of Time’s 100 Most Influential People in the World for 2012, which makes them a great cause for concern as they easily gain supporters and members.
The Bit9 report discussed the survey conducted among 2,000 IT security leaders which stated that companies with 500 or more employees and government security professionals are the ones concerned with cybercrime from Anonymous at 61%, other cybercriminals at 55%, and nation state sponsored attacks from China 28%, Russia 13%, and 4% from other countries.
The report found out that cybercrime flourishes because web security isn’t strong enough (18%) and because there is a rise in organized attacks (66%).
Though participants of the survey identified Anonymous as their most feared threat, curiously, the survey showed that these experts deem malware (Trojans, Rootkits, Worms) as the most likely culprit to invade any system at 45%, followed by spear phishing 16%, drive-by downloads malicious website 13%, distributed denial of service attacks 11%, SQL injection 4%, and 4% for other attacks.
“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Harry Sverdlove, CTO of Bit9. “Bit9’s survey highlights how the quickly changing cyber criminal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber security threats.”
It’s the same reason why companies spend more on security against malware than hackers using DDoS but the fear or concern with regards to Anonymous or other hackers stems from the fact that they have stolen tons of important and sensitive data.
“My takeaway is that people are definitely more aware of the threat landscape we face, more than ever before. And Verizon’s 2012 data breach report, for the first time ever, said that Anonymous or hacktivist organizations represented more than half of all the database records stolen in 2011. So it’s not just fear,” said Sverdlove.
Sverdlove also discussed the difference between being hacked by an organization and being hacked by a criminal enterprise.
“The difference is, if you’re attacked by a hacktivist organization, you might see your data posted immediately to the Web,” Sverdlove said. “If you’re attacked by a criminal enterprise, you might start seeing a trickle of compromised accounts after a few months. If you’re attacked by a nation state, you might never find out about that.”
IT and security professionals, 96% of them, who participated in the survey all agreed that if the system was breached, it should be made public to notify consumers.
See the infographic of the Bit9 report below.