Security Experts:

Survey: More Attacks Coming From Outsiders, Insider Attacks More Costly

More attacks are coming from outsiders, but attacks coming from insiders are showing to be more costly to organizations, according to a recent survey. Additionally, the survey, the 2011 CyberSecurity Watch Survey sponsored by Deloitte and conducted by CSO Magazine, revealed that organizations are seeing more cybersecurity related events, but the events, on average, are costing significantly less than in the previous year.

Cybersecurity Trends

Interestingly, twenty-eight percent of respondents have seen an increase in the number of events in the 2011 study and 19% were not impacted by any attacks, compared to 40% in the 2010 study.

"Organizations are becoming more strategic in how they prevent and respond to cybersecurity events such as the advanced persistent threat (APT)," said Ted DeZabala, national leader of Deloitte's Security & Privacy services. "However, while the survey suggests that the annual monetary losses from events have dropped from $395,000 in 2010 to $123,000 per organization in 2011, we believe these numbers are a result of organizations associating incidents to different domains such as privacy and fraud rather than traditional cybersecurity. Further, this metric alone could be misleading as reported events, sophistication of attacks and external attribution have all increased while the perceived effectiveness of technology-based defenses has decreased."

Insider Attacks Are More Damaging

The 2011 CyberSecurity Watch Survey uncovered that more attacks (58%) are caused by outsiders (those without authorized access to network systems and data) versus 21% of attacks caused by insiders (employees or contractors with authorized access) and 21% from an unknown source; however 33% view the insider attacks to be more costly, compared to 25% in 2010. Insider attacks are becoming more sophisticated, with a growing number of insiders (22%) using rootkits or hacker tools compared to 9% in 2010, as these tools are increasingly automated and readily available.

Not only are insider attacks monetarily costly, but they also cause additional harm to organizations that can be difficult to quantify and recoup. Harm to an organization's reputation, critical system disruption and loss of confidential or proprietary information are the most adverse consequences from insider cybersecurity events, according to respondents. The public may not be aware of the number of insider events or the level of the damage caused because 70% of insider incidents are handled internally without legal action, which is consistent with the 2010 study.

"Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years," said Dawn Cappelli, technical manager of the Insider Threat Center at CERT. "It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorized access or against technically sophisticated users who want to disrupt operations. CERT has been working with government and industry groups to develop solutions to this problem using commercial and open source tools. We invite organizations to share their insights with us."

Unknown Supplier Processes and Foreign Entity Threats Drive Concerns

The largest category of concern within the supply chain, according to the survey, is with third-party vendors (55% in 2011 vs. 49% in 2010). Respondents were also concerned with contractor (49%) and software (42%) awareness and preparedness as well as concern over attacks from foreign entities, which has doubled in the past year from 5% in 2010 to 10% in 2011.

Skilled Cyber Security Professionals Provide the Best Defense

According to the 2011 study, unintentional exposure of private or sensitive information has significantly declined since 2010 (31% in 2011 vs. 52% in 2010). Organizations have taken several steps to reduce this exposure including providing cybersecurity training (65%) and the implementation of internal monitoring tools like data loss prevention (DLP) (65%).

Organizations are using more programs to address cybersecurity risks, including access management (80%), intrusion detection systems (69%), vulnerability management (65%) and identity management (64%). Since 2010, the biggest swing in implementation is vulnerability management systems which grew to 65% from 48% in 2010.

"The Secret Service's international network of 31 electronic crimes task forces continuously monitors trends in cybercrime and the impact that this type of criminal activity has on various organizations and the American public," said Kenneth Jenkins, Special Agent in Charge of the U.S. Secret Service Criminal Investigative Division. "Through these task forces, we seek to establish, promote and continue robust public-private partnerships based on the Secret Service's historic strategic alliances with federal, state and local law enforcement agencies, private industry and academic institutions. Together, we can respond to, confront and suppress cybercrime, malicious uses of cyberspace and threats to cybersecurity that endanger the integrity of our nation's financial payments systems and threats against our nation's critical infrastructure."

More than 600 respondents, including business and government executives, professionals and consultants, participated in the survey with answers covering the period between August 2009 and July 2010. The survey was a cooperative effort of CSO, the U.S. Secret Service, the Software Engineering Institute CERT Program at Carnegie Mellon University, and Deloitte.

view counter