Executives have had little influence in encouraging their organisations to adopt security best practices, in spite of the growth of sophisticated cyber-threats
There is broad concern among enterprises about the vulnerability of their systems against cyber-attacks. More than two-thirds of C-level executives are concerned their companies will not be able to stop such threats, and one in five say their biggest concern is not knowing whether an attack is underway, according to a survey of 200 C-level executives at US-based enterprises conducted by Opinion Matters on behalf of ThreatTrack Security.
Despite these fears, they appear to have had little influence in encouraging executives to protect their networks by adopting best practices in cyber-defense technologies and specialised personnel. Forty-two percent reported not having an incident response team in place, and nearly half (47 percent) reported that they are not making use of advanced malware analysis tools.
Surge in sophisticated threats
“Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies,” ThreatTrack security chief executive Julian Waits Sr. said in a statement. “The only way to battle these threats effectively is with a combination of highly skilled cyber-security professionals armed with the strongest malware analysis tools available. Companies that don’t employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys.”
According to the study, a whopping 97 percent of enterprises with annual security budgets of more than $1 million (£650,000) still report concerns that they are vulnerable to malware attacks and cyber-espionage tactics, and 69 percent of executives were concerned that their organisations may be vulnerable to targeted malware attacks, advanced persistent threats (APTs) and other sophisticated cyber-crime and cyber-espionage tactics.
One-third of the enterprises surveyed say they are aware of a targeted malware attack against their companies, including 50 percent of financial services firms and 53 percent of manufacturing companies. The survey found 82 percent of financial services firms are concerned about APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool.
More than one-third (36 percent) of enterprises say they are more concerned about losing proprietary intellectual property and trade secrets in a breach than they are about losing their customers’ personally identifiable information such as credit card data, social security numbers or medical records.
A companion survey exploring the concerns of US consumers found 71 percent of respondents feel that companies that hold their personally identifiable information were either not doing everything they could to protect that data (43 percent) or were not sure whether that was the case (28 percent). Three-quarters of consumers reported concerns that these companies would be attacked and their personally identifiable information would be compromised.
Even with this rampant lack of confidence in enterprises, the survey indicated consumers do not trust the government to get involved when it comes to their personal information. A majority (70 percent) said they do not believe the government should dictate to private companies how they handle and store private data or which technologies they should use to secure their networks.
Are you a security pro? Try our quiz!