2013 Survey of Information Security Professionals



Similar documents
Developing a robust cyber security governance framework 16 April 2015

Cyber Adversary Characterization. Know thy enemy!

InfoSec Academy Pen Testing & Hacking Track

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

White Paper. 7 Questions to Assess Data Security in the Enterprise

The Cloud Balancing Act for IT: Between Promise and Peril

Addressing Cyber Risk Building robust cyber governance

Best Practices for Information Security and IT Governance. A Management Perspective

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

2012 Application Security Gap Study: A Survey of IT Security & Developers

Into the cybersecurity breach

Managing the Ongoing Challenge of Insider Threats

Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Mitigating and managing cyber risk: ten issues to consider

State of Security Survey GLOBAL FINDINGS

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Evaluating DMARC Effectiveness for the Financial Services Industry

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Cybersecurity. Considerations for the audit committee

Cybersecurity and internal audit. August 15, 2014

EY Cyber Security Hacktics Center of Excellence

RETHINKING CYBER SECURITY

THE HUMAN COMPONENT OF CYBER SECURITY

Why You Need to Test All Your Cloud, Mobile and Web Applications

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

October 24, Mitigating Legal and Business Risks of Cyber Breaches

Juniper Networks Secure

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Cybercrime: risks, penalties and prevention

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

next generation privilege identity management

InfoSec Academy Application & Secure Code Track

Data Security in Development & Testing

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

How To Protect Your Business From A Cyber Attack

Advanced Cyber Threats in State and Local Government

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

Cyber Risk Management

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Seven Things To Consider When Evaluating Privileged Account Security Solutions

ACE European Risk Briefing 2012

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

INSIDE. Cyberterrorism and the Home User By Sarah Gordon, Senior Research Fellow

Threat Intelligence Pty Ltd Specialist Security Training Catalogue

2015: Time to. Rethink Enterprise IT Security Black Hat Attendee Survey. Download. Subscribe. Previous. Next. Next. Previous. Next.

Privilege Gone Wild: The State of Privileged Account Management in 2015

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

The Impact of Cybercrime on Business

Dr. Konstantinos Ap. Eleftherianos Dr. Konstantinos Papapanagiotou. ISACA Athens Chapter Conference Athens 4/11/2013

Statement for the Record. Martin Casado, Senior Vice President. Networking and Security Business Unit. VMware, Inc. Before the

Effective Use of Assessments for Cyber Security Risk Mitigation

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Unisys Security Insights: Germany A Consumer Viewpoint

KEY TRENDS AND DRIVERS OF SECURITY

The Attacker s Target: The Small Business

Secure by design: taking a strategic approach to cybersecurity

Ty Miller. Director, Threat Intelligence Pty Ltd

Unisys Security Insights: Global Summary A Consumer Viewpoint

TRANSATLANTIC CYBER SECURITY SUMMIT

OPC & Security Agenda

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

Hacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking

SIMULATED ATTACKS. Evaluate Susceptibility Using PhishGuru, SmishGuru, and USBGuru MEASURE ASSESS

Cyber Security: Confronting the Threat

Continuous Network Monitoring

Privilege Gone Wild: The State of Privileged Account Management in 2015

Transcription:

2013 Survey of Information Security Professionals Defending Against State-Sponsored Attacks and Advanced Persistent Threats Published: September 4, 2013 2013 by Lieberman Software Corporation

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 2 Executive Summary In 2013 Lieberman Software surveyed nearly 200 IT security professionals at Black Hat USA 2013 in Las Vegas, NV. The survey measured attendees insights into state-sponsored cyber attacks and other advanced persistent threats. It also gauged their opinions on the likelihood of these attacks to be identified and mitigated in today s corporate and government IT environments. Black Hat USA was selected as the venue for the survey due to the demographics of its attendees. According to the event s web site, this show brings together thought leaders from all facets of the infosec world - from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. The following sections summarize the survey results. Highlights include: More than 74% of respondents are not confident that their network has never been breached by a foreign state sponsored attack or an advanced persistent threat. Nearly 58% of those surveyed think that the US is losing the battle against state-sponsored attacks. Nearly 63% of respondents think a state-sponsored attacker will attempt to breach their organization in the next six months. 52% are not confident that their IT staff could detect the presence of an attacker who attempts to breach their network or extract private data even though the overwhelming majority of respondents work in organizations that have taken at least some additional security precautions.

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 3 1. Likelihood of Being Breached by State- Sponsored Attack Among IT security professionals surveyed, 74.3% of respondents are not confident that their network has never been breached by a foreign statesponsored attack or an advanced persistent threat. 22.9% were confident that this had never occurred, while 2.8% either did not know or did not answer. Are you confident that your network has never been breached by a foreign state sponsored attack or an advanced persistent threat? 23% 3% 74% Commenting on these findings, Martyn Croft, CIO of The Salvation Army UK said, since I would assume that state-sponsored attacks are a covert operation, it sort of begs the question whether anyone can know the full extent. I guess a certain amount of inference from the known attacks, e.g. Stuxnet, would lead one to believe that it's become a commonplace occurrence.

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 4 2. Who is Winning the Battle? The US is not doing well in the ongoing cyber war, according to BlackHat USA 2013 attendees. Of those we surveyed, 57.7% think that the US is losing the battle against state-sponsored attacks, compared to 30.3% who say otherwise. The remaining 12% either do not know or chose not to answer this question. Do you think that the US is losing the battle against state sponsored attacks? 12% 30% 58% I would have imagined this figure to be higher than 58% because the the truth is that most organizations will lose the battle if they end up on the target list of a state-sponsored attacker, said Amar Singh, ISACA Security Advisory Group Chair.

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 5 3. Likelihood of Being Targeted 62.9% of respondents think their organizations will be a target of a statesponsored attack some time in the next six months. Do you think a state sponsored attacker will attempt to breach your organization in the next 6 months? 31% 7% 62%

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 6 4. Confidence in IT Security Measures t only do the majority of survey respondents think that their organizations will be targeted for state-sponsored cyber attacks, most (52%) also do not think that their IT staff are able to detect such an attack. 40% are confident that they could at least detect an attack. Are you confident that your IT staff could detect the presence of an attacker who attempts to breach your network or extract private data? 8% 40% 52%

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 7 5. Additional Security Precautions Respondents were asked which additional security precautions their organizations had taken: user training, security appliances, end point testing and pen testing. 69.7% replied that they use all of these security measures, while only 1.1% stated that they do not use any of them. Individual breakdowns are below. 90 80 70 60 50 40 30 20 10 0 User Training Security Appliances End Point Testing Pen Testing

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 8 6. Handling New and Emerging Threats Perhaps the extra security measures our respondents have employed (see number five above) have given them confidence. 57.1% think that their security products and processes can keep up with new and emerging threats. 36% do not. Do you think that your organization s security products and processes can keep up with new and emerging security threats? 7% 36% 57%

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 9 7. Will Hacking Get Worse? When directly asked whether or not the hacking landscape will get worse, an overwhelming 95.9% of polled IT security professionals said yes, it will. Only 2.9% of respondents think that the problem has reached the bottomed. In terms of the hacking landscape, do you think it will get worse? 3% 1% 96% The hacking landscape will be getting much worse over time, said Amar Singh, ISACA Security Advisory Group Chair. The icing on the cake, from the malicious hackers perspective will be when the world fully embraces IPV6, the next generation internet protocol that will allow every single human being on this planet to own at least 2000 fixed and permanent cyberspace addressees. Think about the attack surface when your TV, your watch, your wristband, your car's engine, your car's brake systems have a unique cyber space address and these devices will be always connected to cyberspace!

2013 Survey of IT Security Professionals Defending State-Sponsored Attacks and Advanced Threats 10 Survey Methodology The 2013 Survey of IT Security Professionals was conducted among nearly 200 attendees of Black Hat USA 2013 in Las Vegas, NV. All responses were anonymous. Respondents were all registered attendees of the show and were polled one on one, on site at the venue. Only fully completed surveys were measured for this report. Any incomplete or indecipherable responses were discarded by the tabulators. Limitations The number of surveys was dependent on time constraints. Lieberman Software conducted as many surveys as possible during the allotted time while attendees were present on the show floor. Surveys were continually conducted one on one, in person, until the exhibit hours ended. In an attempt to maximize survey response, the number of questions was purposefully limited. Therefore, demographic questions such as industry and size of organization were eliminated. Ideally we would have correlated and measured these factors. About Lieberman Software Lieberman Software provides privileged identity management and security management products to more than 1000 customers worldwide, including nearly half of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. The company developed the first solution for the privileged account management space, and its products continue to lead the market. Lieberman Software is headquartered in Los Angeles, CA with an office in Austin, TX and channel partners throughout the world. For more information, visit www.liebsoft.com.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information