Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government //

Cybersecurity

11/13/2012
01:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Two Thirds Of Brits Back Pre-Emptive Cyber Strikes On Enemy States, Reveals Logrhythm Research

Growing cybertension between nations fuels public desire for intensified government action

13 November, 2012 - LogRhythm, the leader in cyber threat defence, detection and response, today announced the results of a survey that suggests that the UK public is growing increasingly concerned about national cyber security, following the number of high profile security incidents and malware discoveries reported this year.

In a survey of 1,000 consumers, conducted for LogRhythm by OnePoll, more than two thirds of respondents (65 percent) stated that pre-emptive strikes on enemy states that pose a credible threat to national security are justified, and of those, 46% believe it depends on the level of threat posed. Of those surveyed, 45% believe that the UK government needs to step up its protection of national assets and information against cyber security threats, and 43% think that the threat of international cyber war and cyber terrorism is something that needs to be taken very seriously now. Meanwhile, just 18% considered pre-emptive attacks on enemy states to be unjustified, with a mere 12% believing that the government is doing enough to protect the nation from cyber security threats.

"The issue of international cyber espionage, as well as the development of increasingly malicious malware such as Flame, Gauss and Stuxnet have unsurprisingly started to seep into public consciousness – leading to increased calls for urgent action," said Ross Brewer, vice president and managing director for international markets at LogRhythm "However, after any security incident there is usually much speculation and uncertainty of the origin. As such, the typical knee-jerk reaction of blindly attacking the networks of potential perpetrators could incite disturbing consequences such as the execution of even more sophisticated attacks on the UK's critical infrastructure."

The LogRhythm research also provided an insight into public concern about the security of personal data. The majority of those surveyed (80 percent) do not trust organisations to keep their data safe, ranking social networks and gaming sites the least trustworthy organisations. 64% of respondents believe that organisations across all industries are not doing enough to keep their data safe, and nearly half (41 percent) feel that it has become inevitable their data will be compromised by hackers.

"In a similar survey conducted on LogRhythm's behalf in November last year, almost the same number of consumers expressed doubts toward those organisations entrusted with their data. This suggests that, in spite of increased efforts to reinstate consumer confidence in data protection, too many organisations, as well as the ICO, are failing," continued Brewer. "Since 2011, the same percentage of respondents had concerns over the ability of organisations to safeguard their data – suggesting that we could have reached a plateau of distrust. The fact that gaming and social networking have been called out as the worst perceived culprits could be in response to widely-reported breaches and privacy issues across these sectors during 2012."

Respondents also believed that whenever an organisation is compromised and their personal data is put at risk, they should be informed as soon as possible. More than two thirds (67 percent) demand to be told immediately, with almost a fifth (19 percent) prepared to wait until after the breach has been investigated. In terms of the penalties handed to organisations found to have lax security, 46% believe they should be punished more severely, with a quarter claiming that penalties are handed out unevenly across different organisations and industry sectors.

"Businesses and government organisations clearly need to do more to reassure consumers that they are capable of handling personal information with the appropriate care, if they are to rebuild the confidence that has clearly eroded over the past couple of years," continued Brewer. "There is still a frustrating over-reliance on perimeter defences, despite the fact that they have repeatedly proven inadequate in securing IT systems, and this must change. In the same breath, the ICO needs to ensure that its bite is just as bad as its bark by handing out appropriate fines to any organisation that fails to demonstrate appropriate data defences. Only then will organisations get better at data security, hopefully leading to increased consumer confidence."

LogRhythm advocates that is essential that organisations make better use of the data generated by networks so that potential threats can be identified before they have a chance to escalate. Using security intelligence platforms such as Security Information and Event Management (SIEM) as part of an integrated Protective Monitoring strategy enables automated, centralised collection and analysis of log data that ensures anomalies are identified as they occur. Developing this deep insight requires the ability to see even minor changes that may occur across the IT estate, such as files being altered or copied to portable storage devices.

"As cyber threats increase in severity and complexity, organisations need to really understand the difference between 'normal' and 'abnormal' behaviour across every dimension of their electronic enterprise. Only then can they truly fight fire with fire," concludes Brewer.

The full findings of the survey can be found here: http://logrhythm.com/Portals/0/resources/LogRhythm_Data_Security_Infograph.pdf

About LogRhythm

LogRhythm is the largest and fastest growing independent Security Information and Event Management (SIEM) provider in the world. The company's patented and award-winning SIEM 2.0 Big Data Security Analytics platform empowers organizations around the globe to detect breaches and the most sophisticated cyber threats of today, faster and with greater accuracy than ever before. LogRhythm also provides unparalleled compliance automation and assurance as well as operational intelligence to Global 2000 organizations, government agencies and mid-sized businesses worldwide.

Positioned as a Leader in Gartner's 2012 SIEM Magic Quadrant and listed as a "Champion" in Info-Tech Research's 2012 SIEM Landscape Report, LogRhythm also earned a perfect, 5-star rating and this year's exclusive "BEST BUY" in the SC Magazine SIEM Group Test. Additional awards have included Computing Security's Bench Tested Solution of the Year, SC Labs' "Recommended" 5-star designation twice, SC Magazine's Innovator of the Year Award, Readers Trust Award for "Best SIEM" solution and "BEST BUY" designation for Digital Forensics. LogRhythm is headquartered in Boulder, Colorado with operations in Canada, Europe and the Asia Pacific region.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29446
PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
CVE-2021-29451
PUBLISHED: 2021-04-16
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
CVE-2021-29452
PUBLISHED: 2021-04-16
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make this ...
CVE-2021-29444
PUBLISHED: 2021-04-16
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDec...