Cyber Threats Developing Faster Than Defenses

This was written by Michael Cheek on Tuesday, January 26, 2010, 13:16.

According to a survey conducted by CSO magazine and sponsored by Deloitte, the threats posed by cybercrime against companies are increasing quicker than defensive measures are put into place. The 2010 CyberSecurity Watch Survey also suggests that current countermeasures against cyber criminals are not particularly effective.

While the survey revealed that the number of victims of cyber crime had dropped, it also registered an increase in the number of attacks. One quarter of the attacks were not attributed and over one third of respondents experienced an increase in attacks from August 2008 to July 2009.

“Coupled with organizations’ misperceptions of the effectiveness of current security models, the survey suggests that most entities employ traditional ‘wall-and-fortress’ approaches to security,” said Ted DeZabala, leader of Deloitte’s Security & Privacy services and principal at Deloitte & Touche LLP. “Organizations can take a more effective approach by looking at themselves as cyber criminals do, focusing on what assets are at risk of leaving the organization through the IT environment as well as the threats entering the organization through the same means. In other words, a risk-based approach.”

The majority of attacks come from outsiders, however, attacks by insiders are significantly more damaging.

“It is alarming that although most of the top 15 security policies and procedures from the survey are aimed at preventing insider attacks, 51% of respondents who experienced a cyber security event were still victims of an insider attack. This number is holding constant with the previous two surveys (2007 and 2006),” said Dawn Cappelli, technical manager of CERT’s Threat and Incident Management Group. “Insider incidents are more costly than external breaches, according to 67% of respondents. CERT has been working with government and industry leaders to develop recommendations for new solutions to this problem using commercial and open source tools, and invite organizations to share their insights with us.”

The full survey can be accessed here