Survey: IT Professionals Fear High-Profile Attack

Sue Marquette Poremba
Slide Show

Anonymous and Hacktivists Attacks Keeping IT Security Pros Up at Night

If you are an IT professional, what do you think is the biggest threat to your company's network? If you said a hack by Anonymous or a similar group, you are with the majority. The 2012 Bit9 Cyber Security Research Report found that 61 percent of IT professionals are concerned about a high-profile attack from a hacktivist group. This is followed by attacks by cyber criminals (although, I wonder at what point we begin thinking of hacktivism groups as criminals, but that's a story for a different day) and nation-state attacks.


The survey had a lot of other interesting findings. An almost-identical number of IT folks who worry about Anonymous are also worried about a targeted malware attack (62 percent) and only 26 percent think their endpoint security is effective.


Personally, I think it is a no-brainer to be worried about Anonymous and malware attacks, and if I were an IT professional, I'd be thinking a lot about those things, too. It seems like the Anonymous concern is what is snatching the headlines about this survey. But here is what caught my eye:

Seventy-seven percent of respondents-a vast majority-believe companies and employees are in best position to improve security-58 percent of respondents said companies implementing best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security. Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security.

If I'm reading this right, the point of this question is more about who gets to make the decisions about security for a company, and by this answer, companies don't want to see a lot of government interference on the matter.


On the other hand, let's go back to those top threats IT professionals feel - an attack from Anonymous or a malware attack. How does Anonymous find an entrance into the network? From an open door of weak security. Same with a lot of malware. So, those 77 percent believe they are in the best position to improve their own company's security, but I have to wonder what kind of job they are doing. I am a firm believer that government and business need to work closer together on security - and, yes, maybe for some places it will only be those government regulations that spur some action.


Another response that got my interest was this:

Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public-Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed.

Interesting because it was Bit9's own CTO, Harry Sverdlove, who was the victim of the recent credit card breach, and he spoke extensively about his experience. Maybe all of those professionals believe they should disclose breaches to their customer base, but Sverdlove's experience shows that how you approach that disclosure is absolutely vital. I wish these results included not just what should be disclosed but how soon that information should be shared with potential victims. Is two months or two years too late? Too soon?


Sverdlove's take on the survey results? He said in a release:

The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states.

An interesting contradiction. Yes, I think that describes it just right.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.