Preparing for the new norm: 2013 Guarding against a data breach survey

With a slew of bad actors dispatching almost daily advanced attacks, organizations of all sizes must be prepared. Many respondents to this year's "Guarding Against a Data Breach" survey say they are. Illena Armstrong reports.

Even as advanced persistent threats (APTs) and other attacks strike companies and government agencies at an unparalleled rate, information security professionals remain bullish about forging ahead with their data protection and risk management efforts this year. In fact, more IT security leaders than ever before think their companies are making greater strides in safeguarding critical corporate and customer data.

According to this year's SC Magazine "Guarding Against a Data Breach" survey, which for the first time in its six-year history sought input from professionals in the U.K. and Australia, 91 percent of the 427 U.S. respondents say their companies are taking proper steps to protect critical data, compared to 87 percent in 2012 and 2011. Meanwhile, of the 104 respondents from the U.K. and Australia, 83 percent think they are moving in the right direction.

However, the reality may be a little different from these more optimistic views. Just in the last month, it was revealed that sly and practiced hackers, likely from China, pervaded The New York Times computer networks over four months to try to steal information related to a story the newspaper wrote late last year about the Chinese prime minister's relatives – and the riches they obtained. Enlisting several techniques to hide their tracks, the criminals gained access to employee computers and stole reporters' passwords, probably using spear phishing methods to install backdoors. So far, there is no evidence that any files, customer information or other data was affected, according to newspaper officials.

The incursions didn't stop there. Also recently hit were The Washington Post, The Wall Street Journal, Twitter and the U.S. Department of Energy. All were reportedly battered by similar or the very same savvy cyber assailants employing what are fast becoming preferred APT attacks that allow them to infiltrate networks and then linger for long periods behind a sea of obfuscation to observe network communications, amass critical information and more.

“Generally, there may be a perception that companies are doing a better job by applying security products [or other tactics], but the reality is that security breaches keep escalating each year,” says Ron Baklarz, CISO and export control compliance officer with the National Railroad Passenger Corp. (AMTRAK). “This will only worsen as nation- and state-sponsored attacks on U.S. critical infrastructures increase, as well.”

Likely because of this escalation, more respondents to this year's data breach survey than in previous years agree that the threat of a breach, loss or exposure is greatly influencing their organization's security initiatives. Some 85 percent noted this as a major driver, compared to 80 percent in 2012. Similar to U.S. responses last year, 76 percent of U.K. and Australia IT security pros say attacks are a major influence on initiatives for this year's survey, which was sponsored by Vormetric and conducted in partnership with CA Walker.

“As time goes on, more companies understand that it's better to be proactive and assess and deal with the security of their data – through frameworks, standards and regulations, like ISO 27002, PCI or HIPAA – rather than wait for a security incident or a failing security audit to start making progress,” says Brad Johnson, vice president at long-standing consultancy SystemExperts, based in Sudbury, Mass.

This is especially true given how much data actually is being generated every day and how much organizations have come to rely on it to run their businesses, says Tina Stewart, vice president of marketing at Vormetric, a San Jose, Calif.-based provider of enterprise encryption and key management. With reliance on data assets growing exponentially in recent years, protection of it is paramount.

“Recently I read that every day, we create 2.5 quintillion bytes of data – so much that 90 percent of the data in the world today has been created in the last two years alone,” Stewart says. “This data needs to be protected, and there is a cost to that protection.”