Establishing Digital Trust: Don't Sacrifice Security for Convenience
According to the recently-released 2012 Bit9 Cyber Security Research Report, 64 percent of IT security professionals believe their organizations will be targeted by cyber attacks within the next six months -- and 61 percent say those attacks are most likely to be led by members of Anonymous or other hacktivists.
"Respondents choosing hacktivists as a more likely source of cyberattacks than cybercriminals is similar to how most people fear flying more than driving, even though, statistically speaking, it's far more likely for someone to be involved in a car accident than in a plane crash, said Bit9 chief technology officer Harry Sverdlove," writes Computerworld's Lucian Constantin. "The truth is that you are less likely to be attacked by Anonymous or hacktivists -- depending on what public statements you make -- than to be attacked by a cybercriminal enterprise or a nation state, he said."
On the other hand, the attack methods that dominate security pros' concerns aren't tied to Anonymous. Forty-five percent of respondents are most worried about malware attacks, and 17 percent are concerned about spear phishing (both common attack methods for cybercriminals and nation states) -- while Anonymous' favored method, the DDoS attack, leads the concerns of only 11 percent of respondents. "The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states," said Sverdlove said in a statement.
"It would also seem that the majority of IT professionals have little faith in the employees in their company, with only 26 percent saying that the security on laptops and desktops is effective -- and that these 'endpoints' are the most at risk," writes TNW's Nancy Messieh. "An overwhelming 95 percent said that the public should be informed of any cyber security breaches, with 48 percent adding that companies should provide details on what, if anything, was stolen, and 29 percent felt the details of how the attack was carried out should be included as well."