While 31 per cent of respondents revealed suffering at least one cyber attack in the last 12 months, 45 per cent believed their organisation is a target of organised cyber crime which could result in the theft of data or money or sabotage.
“Unfortunately the results of our research don’t really come as a shock, as the past 12 months have seen some of the biggest and most successful cyber attacks our industry has ever witnessed,” said Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group. “However, the numbers of those who know they’ve been attacked and those fearful are dangerously similar. For many, not knowing will lead to painful realities. Just ask 31 per cent of our survey.”
When asked about the most significant information security threat facing their organisation today, 54 per cent of respondents highlighted accidental data leakage by staff, contractors or vendors as the biggest threat. The past five years of highly publicised data breaches and the power of the Information Commissioner’s Office (ICO) to levy £500,000 fines have gained the attention of organisations. In contrast, only 10 per cent fear external attack on networks and systems and only 13 per cent see Trojans that steal data or money, or sabotage systems, as a significant threat to their organisation.
The survey was conducted at the same time as major breaches at security and third-party outsourcers rocked the IT world. However, the survey results highlighted a lack of clarity among respondents about who should be held accountable should their organisation fall victim to cyber crime, with respondents split between CIO/Head of IT (26.1 per cent), CISO/Head of IT Security (27 per cent) and CEO/MD (27 per cent).
While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advanced persistent threat (APT) attack, respondents appear to prefer traditional methods, such as end user education (44 per cent) or anti-virus (29 per cent), over technology that isolates users and data from threats (19 per cent), as the most effective tool to prevent APT attacks.
“Unfortunately, end user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won’t make the problem go away – criminals are only more encouraged,” commented Jevans. “As an industry, we need to shift away from trying to be all knowing and detecting threats we can’t know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem.”
As a result of cyber crime, British business is estimated to be losing £20bn a year. In addition, the targeted Night Dragon attacks on the global energy industry, the major breach of infrastructure at RSA, the compromise of digital certificate issuance at Comodo, and the theft of millions of customer records from Epsilon show that cyber crime is all too real and any organisation is a potential target.
IronKey also announced the upcoming availability of IronKey Trusted Access for Banking 2.7. The updated version addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers. The new update includes IronKey’s keylogging protection, which blocks the capture of user credentials, one-time passcodes (OTP), challenge questions, and other sensitive data that criminals could otherwise easily steal. In response to bank interest in building new revenue streams by offering Trusted Access protection for clients banking with competing institutions, Trusted Access will also allow banks to provide clients with quick access to multiple banking sites. Banks can provide the same level of protection with Trusted Access to clients even if they are banking on a competitor’s site.
At Infosecurity Europe 2011, IronKey will be demonstrating how Trusted Access combats the growing threat of banking cyber-crime. Unlike previous approaches to preventing online banking fraud, Trusted Access for Banking isolates users from crimeware. Trusted Access for Banking meets guidelines for safe online banking established by NACHA and the FBI, and as described in draft FFIEC 2011 Online Banking Guidelines.