Jun 06 2014

Hackers Take Lead in High-Profile Cybersecurity Wars

Three-fourths of respondents in a recent survey said they had detected a cybersecurity breach in the past year.

A recent cybercrime survey of more than 500 U.S. executives and security experts concluded that hackers are one step ahead of today’s defenses.

The 12th US State of Cybercrime Survey was sponsored by PwC, CSO Magazine, the U.S. Secret Service and the CERT division of the Software Engineering Institute. The survey polled “executives, security experts and others from the public and private sectors” to gauge their readiness in case of a cybersecurity attack.

Early in the report, one thing becomes clear: Hackers have the advantage.

"The cybersecurity programs of US organizations do not rival the persistence, tactical skills and technological prowess of their potential cyber adversaries,” according to the report.

The top five types of cyberattack methods reported include denial-of-service attacks, spyware, phishing and network interruption.

The report breaks down the greatest damage done as a result of cyberattacks in each major industry in the U.S.:

  • Banking and finance: Financial fraud
  • Government: Operating systems and files altered; unauthorized access or use
  • Healthcare: Private or sensitive data unintentionally exposed; email denial
  • Information and telecom: Email denial; DoS attacks
  • Insurance: Financial losses

The threat of cybercrime has become high-profile. In January, the U.S. Director of National Intelligence said cybercrime ranks as the top national security threat — above terrorism and weapons of mass destruction, according to the report.

In 2013, the FBI notified 3,000 U.S. companies that they'd been victims of cybercrime.

"The playground is a very dangerous place right now," says FBI Director James B. Comey.

This focus on vulnerability to cybercrime comes at a time of transition for many businesses, as Microsoft recently relinquished support of its popular, dated operating system, Windows XP. The shift could bring a new wave of strikes on industries that have yet to migrate to newer, more secure platforms, according to the report.

Teamwork will be needed across all industries to build a cybersecurity defense capable of stopping high-profile attacks, the report states.

“All of us have a common interest in being protected, so this might be a chance for retailers and banks to for once work together, as opposed to sue each other like we’ve been doing the last decade,” says James Dimon, CEO of JPMorgan Chase.

Cybersecurity by the numbers

3000 number of companies the FBI notified about being victims of cyberintrusion in 2013
$2,500 median maximum amount per employee per year that banking and financial organizations invest in cybersecurity
$400 median maximum amount per employee per year that retail and consumer businesses invest in cybersecurity
69% of U.S. respondents said they were worried about the impact of cyberthreats
82% of companies with high-performing security practices collaborate with others to improve their knowledge
59% of U.S. respondents said they were more concerned about cybersecurity threats in 2013 than in the past
77% said they detected a security breach in the past year
67% of those who detected a security breach were not able to estimate its financial cost
28% said breaches indicated the attacks could have been perpetrated by insiders
49% have a plan for responding to insider threats