What are CISOs (Chief Information Security Officers) worrying about in 2016?
According to the recent 2016 Security Pressures report from Trustwave, theft of information from a successful breach or cyber-attack ranks as the top worrying outcome for nearly two-thirds of respondents.
With the Identity Theft Resource Center placing the number of records exposed from data breaches in 2015 somewhere around 170 million, it’s no surprise.
Security professionals rate customer data theft (43%) as their No. 1 worry followed by intellectual property theft (22%), so that those top two classes of theft amount to 65% of the total concern.
Website disruption made the largest jump year over year, increasing from 7% last year to 13% in this year’s report. In Australia, 19% of respondents list their website being taken offline as the top issue of concern.
This change could be related to the fact that the number of distributed denial-of-service incidents reached record highs during 2015, according to Akamai.
However, it is interesting to note that the number of respondents who feel safe from security threats rose from 70% to 74%. That increase was due in part to the Australian CISO segment, where an eye-opening 88% of respondents claim to feel safe from security threats. Creating a strange sense of schizophrenic personality disorder, over half of the same Australian respondents readily admit their organization has experienced a challenging and costly breach. No, I don’t know what it means, either.
58% of respondents are more pressured to protect against external threats, while 42% feel more pressure from internal threats, up four percentage points from last year. The split is not surprising, considering that attacks orchestrated by participants unknown to the victim are typically the ones that drive the headlines. Insider attacks are more likely to go unreported, yet they can actually have the greater impact because they are perpetrated – either purposefully or unwittingly – by users who are trusted on the network.
Of the respondents most concerned about internal threats, 24% are bothered by non-malicious individuals who may create unintended security risks, like emailing a sensitive file to their personal email address or losing a laptop. 18%, meanwhile, are more worried about malicious insiders, a group that may be motivated by greed or frustration to inflict harm on the corporate network.
What all of this tells me is what we actually already know: breaches are growing in both volume and economic impact, they are succeeding in disrupting all networks most of the time, and we seem to be completely incapable of stopping or slowing them down.
As we continue to monitor and report these statistics and the results of these endless surveys, the cyber-security threat continues to increase in frequency, complexity and sophistication.
The targets have expanded to include supposedly well-protected Federal Government agencies like the CIA, FBI, NSA, OPM and Homeland Security (making me feel increasingly less secure). The success rate is now phenomenal.
Do we really need surveys to tell us this? Do they expect that suddenly the trends will be headed in the other direction?
The facts are that the bad guys are winning and winning big. Our corporate boards appear to be generally clueless and in denial, joined now by their government counterparts who appear even more clueless and/or in greater denial.
I do know that if we don’t start to take this stuff seriously, we are in for a long cold winter. If you want to understand better how this cyber-security mystery works, I strongly recommend picking up a copy of “Worm – The First Digital World War” by Mark Bowden. It is a non-hysterical, completely rational insight into how malware works (in English), how the bad guys do what they do, and how they continue to get away with it.
Then after you read it, write your board and your Congressperson. This is neither a game nor an aberration that is going to go away one day. We are not going to “fix” it by using current means, talent and technology either.
It increasingly feels to me that we are all part of the cast of an existential version of Clueless and we can’t find a way off the set.
Source: https://www.netswitch.net/clueless-in-cyber-security-land/