A recent survey of 200 IT security managers or IT security administrators in energy and financial services firms found that 72 percent of respondents expect to be hit by an advanced persistent threat (APT), targeted malware attack, or other sophisticated cybercrime or cyber-espionage tactic within the next 12 months.
Thirty-seven percent of respondents said their endpoints have been infected in the last 12 months by malware that evaded detection by traditional cyber defenses such as anti-virus or firewalls.
Hacktivists present the biggest perceived threat to energy firms, while the leading threat to financial services companies is organized cybercrime syndicates.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Fewer than 10 percent of all respondents are worried about insider threats.
Sixty-one percent of energy firms said e-mail is the biggest threat vector for malware, while 42 percent of financial services firms said the Web was the biggest threat vector. Just three percent of all respondents said mobile is the biggest threat vector they're facing.
In the coming year, 50 percent of respondents plan to train their existing IT staff on new technologies and cyber security strategies, 35 percent plan to implement new policies such limiting network access privileges and educating employees, and 34 percent plan to invest in advanced malware detection technology.
"Given the importance and value of the data that energy and financial services firms have access to, it is no surprise that they are being targeted aggressively by hackers," ThreatTrack president and CEO Julian Waits, Sr., said in a statement. "The question is, what can these organizations do to better stabilize their cyber defenses, in both their own self-interest, and to protect critical U.S. infrastructure? It’s good to see these firms are planning to train their IT teams on the latest cybersecurity technologies and strategies, and that they are going to invest in advanced malware detection. The time to act is now, or the next big data breach could be one that doesn’t just affect our wallets."