Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/23/2012
10:05 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

61% Of IT Security Professionals Are Concerned About Attacks From Anonymous And Hacktivists

Bit9 survey also showed that IT executives are most concerned about malware and spear phishing attacks

WALTHAM, Mass. – April 23, 2012 – Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report sponsored by Bit9. The 2012 Cyber Security Survey of nearly 2,000 IT security experts set out to gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night. Complete survey results can be viewed online at http://www.bit9.com/cyber-security-research-2012.

According to Bit9’s survey, 64 percent of respondents believe their organization will be the target of a cyber attack in the next six months. As to the type of attackers that are most likely to target their organization, “Anonymous/ hacktivists” leads the survey at 61 percent, “cyber criminals” follows, and “nation states” rank third, with China ranking as the most likely actor. In addition, the vast majority (74 percent) believe that their endpoint security solutions on their laptops and desktops are not doing enough to protect their companies and intellectual property (IP) from cyber attacks.

Click to Tweet: @Bit9 Cyber Security Survey discusses #Anonymous, #security and #databreach disclosures http://bit.ly/HLruix

“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Harry Sverdlove, CTO of Bit9. “Bit9’s survey highlights how the quickly changing cybercrimal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber security threats.”

Highlights from the Bit9 2012 Cyber Security Survey include:

· More than half (61 percent) of respondents believe Anonymous and other hacktivist groups are most likely to target their organization – IT professionals express concern over the high-profile attacks led by hacktivist groups like Anonymous, and followed by cyber criminals (55 percent) and nation states, specifically China and Russia (48 percent ). Interestingly, only 28 percent believe that disgruntled employees are the most likely to target their companies.

· Sixty-two percent of respondents are most concerned about targeted attack methods – Malware (45 percent) and spear phishing (17 percent) techniques commonly used in targeted criminal and state sponsored espionage attacks are most worrisome. Concern about attack methods commonly used by hacktivists trailed: 11 percent for distributed denial of service (DDoS) and only 4 percent for SQL injection.

· Seventy-seven percent of respondents – a vast majority – believe companies and employees are in best position to improve security – 58 percent of respondents said companies implementing best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security. Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security.

· Only 26 percent of IT professionals feel that the security of their endpoints, laptops and desktops, is effective – The survey shows that respondents consider endpoints most “at risk.” However, even those machines that score the highest for most effective security – infrastructure servers at 40 percent and file servers at 36 percent – have been frequent targets for hackers of late.

· Ninety-five percent of respondents believe cyber security breaches should be disclosed to customers and to the public – Almost half of respondents (48 percent) feel that breached companies should not only disclose the breach, but they should also provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed.

For more information on the Bit9 2012 Cyber Security Survey and to view the full survey results and research report, please visit: http://www.bit9.com/cyber-security-research-2012

To hear Harry Sverdlove discuss the survey and key results visit: http://www.bit9.com/tv/

For additional survey analysis and takeaways, visit Bit9’s blog: http://blog.bit9.com

To view survey infographic please visit: www.bit9.com/cyber-security/graphic.php

Bit9 APT Research Report Survey Methodology

Bit9 conducted an online survey of 1,861 IT and security professionals worldwide. Survey respondents work for companies in a wide range of industries, including: technology, healthcare, and retail, as well as in government agencies. The majority of companies represented in the survey (66 percent) work for organizations with more than 500 employees.

About Bit9

Bit9, the global leader in Advanced Threat Protection and Endpoint Security, protects the world’s intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats. The world’s leading brands rely on Bit9’s award-winning Advanced Threat Protection Platform for endpoint protection and windows server security.

Bit9 stops advanced persistent threats by combining real-time sensors, cloud-based software reputation services, continuous monitoring and trust-based application control and whitelisting—eliminating the risk from malicious, illegal and unauthorized software. Bit9 also offers windows domain controller solutions to protect against modern cyber threats.

The company’s global customers come from a wide variety of industries, including e-commerce, financial services, government, healthcare, retail, technology and utilities. Bit9 was founded on a prestigious United States federal research grant from the National Institute of Standards and Technology – Advanced Technology Program (NIST ATP) to conduct the research that is now at the core of the company’s solutions.

Bit9 is privately held and based in Waltham, Mass. For more information, visit http://www.bit9.com, follow us on Twitter @Bit9, Facebook and Google+, or call +1 617-393-7400.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.