Most-Feared Bogeymen: IT Professionals

By April 24, 2012

Image: MorgueFileAnonymous hacktivists, cyber criminals, and nation states top the concerns of IT security workers, according to new research. But in spite of their fears, those workers have shaky faith in currently-implemented security systems to deter attackers – and the population of potential hackers, a majority believe, is growing.

According to a new survey by data security firm Bit9, nearly two thirds of security professionals in the United States believe their organization will be the target of an attack within the next two months, though many don’t think their security systems are up to snuff.

The report doesn’t address why so many respondents have reason to believe they will be targeted by activists in the near future.

But while thick media coverage of attacks by hacktivist groups like Anonymous has security professionals worried about embarrassing defacement incidents, they acknowledge that more serious threats are likely to come from other sources.

“The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states,” said Bit9 CTO Harry Sverdlove, in a press release.

The survey results demonstrate “how the quickly changing cybercrimal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber security threats,” Sverdlove said.

More importantly, perhaps, is that a majority of respondents said that security on “endpoints” laptop and desktop computers, for the most part offers insufficient protection. Malware and phishing top the attack points respondents are worried about, indicating that a primary vulnerability is still human fallibility. As such, many believe that buffing up internal policies and investing in training are the most important lines of defense.

“Use of best practices and better security policies are considered by IT and security professionals to have the biggest impact on improving cyber security against advanced threats,” reads the report.

The surveyed IT workers were also skeptical of regulatory solutions, with just seven percent expressing confidence in the government’s ability to bolster security. By contrast, 74 percent of respondents working for the government said they expect an attack within the next six months.

Images: MorgueFile, United Artists