Peter Suciu for redOrbit.com – Your Universe Online
The news for businesses of all sizes isn’t good. The hackers are winning and online attackers are more determined than ever to break into computers and steal data. Most worrisome is that cyber criminals are more technologically advanced than the businesses that are there to stop them.
Those are the findings of a new survey of 500 executives of US businesses, law enforcement services and government agencies, released on Wednesday by PwC US and CSO magazine.
The 2014 US State of Cybercrime Survey, an annual study of cybercrime trends, revealed that the number of cybercrime-related incidents and monetary losses associated with these attacks will continue to rise. Moreover, US organizations’ cyber security capabilities fall short of the persistence and technological skills of those doing the attacks.
The report found that only 38 percent of companies have the methodology to prioritize security investments based on risk and the potential impact to business strategy.
“Cyber criminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone,” David Burg, PwC’s Global and US Advisory Cybersecurity Leader, said in a statement. “It’s imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity.”
The report also noted that the United States Director of National Intelligence now ranks cybercrime as a top national security threat. This puts it higher than terrorism, espionage and even weapons of mass destruction.
US business leaders are increasingly worried about such cyber-attacks, far more so than their global counterparts. The survey found that 69 percent of US business respondents said they were concerned about how cybercrime could threaten growth potential – compared to just 49 percent of global CEOs.
The survey found that on average there were 135 cybercrime incidents per organization over the last year, but actual costs remain largely unknown as more than two-thirds of respondents were unable to estimate the financial losses. Of those respondents who could make estimations, the average monetary loss was projected to be $415,000.
The survey also found eight major cyber security deficiencies:
· Most organizations do not take a strategic approach to cyber security spending
· Organizations do not assess security capabilities of third-party providers
· Supply chain risks are not understood or adequately assessed
· Security for mobile devices is inadequate and has elevated risks
· Cyber risks are not sufficiently assessed
· Organizations do not collaborate to share intelligence on threats and responses
· Insider threats are not sufficiently addressed
PwC recommended that organizations address these security deficiencies by investing in people and processes, in addition to technologies, while holding third parties to the same or higher standards. Companies should assess risks associated with supply chain partners; ensure that mobile security practices keep pace with adoption and use of mobile devices; perform cyber risk assessments regularly; and take advantage of information sharing internally and externally to gain intelligence on fast-evolving cyber risks.
Moreover, companies should strive to develop threat-specific policies, enhance training, and create workforce messaging to boost cyber security awareness across the organization.
“Internal threats have long been a part of the security landscape for enterprises,” said Charles King, principal analyst at Pund-IT. “While some incidents are criminally related (theft of IP, etc.) others stem from simple mistakes, like people erroneously attempting to access documents or portions of the company Intranet for which they are not approved. These kinds of issues, along with challenges related to opening data to approved partners such as those in the supply chain highlight the importance of information governance frameworks and solutions for most enterprises. The situation is likely to become increasingly complex and fraught, especially in light of the increasing risks related to mobile device use and volumes of data resulting from IoT strategies.”
“Smaller businesses are often targeted by cyber criminals due to their relatively porous and simplistic security solutions,” King told redOrbit. “It’s a bit like a smash and grab robbery or knocking over a convenience store. The rewards are considerably lower that [sic] cracking an enterprise environment but it’s often easy money with lower risk.”