Bit9 2012 Cyber Security Survey Reveals Malware and Spear Phishing Attacks Commonly Used in Targeted Attacks Are Most Worrisome
04.23.12 – Waltham, Mass. – Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report sponsored by Bit9. The 2012 Cyber Security Survey of nearly 2,000 IT security experts set out to gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night.
According to Bit9’s survey, 64 percent of respondents believe their organization will be the target of a cyber attack in the next six months. As to the type of attackers that are most likely to target their organization, “Anonymous/ hacktivists” leads the survey at 61 percent, “cyber criminals” follows, and “nation states” rank third, with China ranking as the most likely actor. In addition, the vast majority (74 percent) believe that their endpoint security solutions on their laptops and desktops are not doing enough to protect their companies and intellectual property (IP) from cyber attacks.
“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Harry Sverdlove, CTO of Bit9. “Bit9’s survey highlights how the quickly changing cybercrimal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber security threats.”
Highlights from the Bit9 2012 Cyber Security Survey include:
- More than half (61 percent) of respondents believe Anonymous and other hacktivist groups are most likely to target their organization – IT professionals express concern over the high-profile attacks led by hacktivist groups like Anonymous, and followed by cyber criminals (55 percent) and nation states, specifically China and Russia (48 percent ). Interestingly, only 28 percent believe that disgruntled employees are the most likely to target their companies.
- Sixty-two percent of respondents are most concerned about targeted attack methods – Malware (45 percent) and spear phishing (17 percent) techniques commonly used in targeted criminal and state sponsored espionage attacks are most worrisome. Concern about attack methods commonly used by hacktivists trailed: 11 percent for distributed denial of service (DDoS) and only 4 percent for SQL injection.
- Seventy-seven percent of respondents – a vast majority – believe companies and employees are in best position to improve security – 58 percent of respondents said companies implementing best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security. Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security.
- Only 26 percent of IT professionals feel that the security of their endpoints, laptops and desktops, is effective – The survey shows that respondents consider endpoints most “at risk.” However, even those machines that score the highest for most effective security – infrastructure servers at 40 percent and file servers at 36 percent – have been frequent targets for hackers of late.
- Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public – Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed.
Bit9 APT Research Report Survey Methodology
Bit9 conducted an online survey of 1,861 IT and security professionals worldwide. Survey respondents work for companies in a wide range of industries, including: technology, healthcare, and retail, as well as in government agencies. The majority of companies represented in the survey (66 percent) work for organizations with more than 500 employees.
Bit9, the global leader in Advanced Threat Protection and Endpoint Security, protects the world’s intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats. The world’s leading brands rely on Bit9’s award-winning Advanced Threat Protection Platform for endpoint protection and windows server security.
Bit9 stops advanced persistent threats by combining real-time sensors, cloud-based software reputation services, continuous monitoring and trust-based application control and allowlisting—eliminating the risk from malicious, illegal and unauthorized software. Bit9 also offers windows domain controller solutions to protect against modern cyber threats.
The company’s global customers come from a wide variety of industries, including e-commerce, financial services, government, healthcare, retail, technology and utilities. Bit9 was founded on a prestigious United States federal research grant from the National Institute of Standards and Technology – Advanced Technology Program (NIST ATP) to conduct the research that is now at the core of the company’s solutions.
Bit9 is privately held and based in Waltham, Mass. For more information, visit our website, follow us on Twitter, Facebook and Google+, or call +1 617-393-7400.