ThreatTrack Security recently published the results of a study that reveal broad concern among enterprises about the vulnerability of their systems against cyber attacks. More than two-thirds of executives are concerned their companies will not be able to stop such threats, and one in five say their biggest concern is not knowing whether an attack is under way. However, these fears seem to have had little influence in encouraging executives to protect their networks by adopting best practices in cyber defense technologies and specialized personnel. Forty-two percent report not having an incident response team in place, and nearly half (47 percent) report that they are not making use of advanced malware analysis tools.
At a time when Advanced Persistent Threats (APTs), targeted attacks, zero-day threats and other sophisticated malware have become profitable businesses for malware writers and cyber criminals, many large enterprises are still struggling with how to protect themselves. It is especially telling that, according to the study, 97 percent of enterprises with annual security budgets over $1 million still report concerns that they are vulnerable to malware attacks and cyber espionage tactics.
“Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies,” said ThreatTrack Security Chief Executive Officer Julian Waits, Sr. “The only way to battle these threats effectively is with a combination of highly skilled cybersecurity professionals armed with the strongest malware analysis tools available. Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.”
The independent blind survey of 200 C-level executives at U.S.-based enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cybersecurity practices of their companies.
Click through for findings from a cybersecurity survey directed at C-level executives, conducted by Opinion Matters on behalf of ThreatTrack Security.
Sixty-nine percent of executives are concerned that their organizations may be vulnerable to targeted malware attacks, APTs and other sophisticated cyber crime and cyber espionage tactics.
More than one in five enterprises (21 percent) say their biggest concern is not knowing whether an attack is taking place.
Forty-seven percent say their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox; 42 percent do not have a dedicated incident response team employed.
One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50 percent of financial services firms and 53 percent of manufacturing companies.
Eighty-two percent of financial services firms are concerned about APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
Thirty-six percent of enterprises say they are more concerned about losing proprietary intellectual property and trade secrets in a breach than they are about losing their customers’ personally identifiable information (such as credit card data, Social Security numbers or medical records).
In a companion survey of 203 U.S. consumers – also conducted by Opinion Matters on behalf of ThreatTrack Security during the same time period – 71 percent of respondents indicate that the companies that hold their personally identifiable information were either not doing everything they could to protect that data (43 percent) or were not sure whether that was the case (28 percent). Seventy-five percent of consumers report concerns that these companies would be attacked and their personally identifiable information would be compromised.
The data also suggests that these consumers have reason to be concerned. Nearly half (47 percent) say they have been notified at some point that their information has been compromised by a breach, and of those respondents, another 47 percent say that even after being notified, they still did not feel well-informed or reassured that their data would be safe.
Even with this rampant lack of confidence in enterprises, consumers do not trust the government to get involved when it comes to their personal information. A majority (70 percent) do not believe the government should dictate to private companies how they handle and store private data or which technologies they should use to secure their networks.