Cybercrime Strikes More Fear than NSA Spying

March 5, 2014

Findings from a survey show that IT security professionals consider external threats from cybercriminals to be the more concerning issue facing the security of organizations’ sensitive information today.

“While the debate over the NSA and its authority does carry importance, this survey clearly demonstrates that IT security pros are more concerned with cybercriminals than government action,” says Fred Touchette, senior security analyst at AppRiver. “These are the people who deal with security every day, whose jobs depend on keeping networks secure, and who see threats as a practical problem, not a theoretical or philosophical issue.”

More than 110 attendees at RSA Conference 2014 took the survey, which was conducted via in-person interviews by AppRiver, a leading provider of email messaging and Web security solutions.

When asked to name the most dangerous threat to the security of their organization, the response breakdown follows:

56.2% of respondents report cybercrime from external sources as most problematic
33% say insider threats with non-malicious intent give them the most trouble
5.3% blame malicious insiders for causing the biggest security headache
5.3% point the finger at external threats from government as chief offender

Malware, including email-borne and web-based threats, topped the list of most concerning threat vectors followed by personally identifiable information (PII) and social engineering. The majority of respondents, 71.4%, cited people as the most frequent (or most likely) point of failure for IT security. 21.4% faulted process and 7.2% labeled technology as the weak link.

“As a new breed of cybercriminal gets more sophisticated, IT security pros believe employees are not prepared for the more serious threats,” Touchette continues. “This chasm demands a comprehensive security strategy that takes into account all threat vectors from technological and human standpoints. Organizations need a layered security approach that includes technology, training, awareness and enforcement to keep both inadvertent and intentional attacks from happening.”

Despite the Snowden incident, more than two thirds of respondents do not think it is time to ask employees to take psychometric tests to determine their honesty. When asked if IT security pros themselves would be willing to take such a test as a condition of employment, more than 65% said yes.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Cybercrime Strikes More Fear than NSA Spying

Related Articles

Related Events

Report Abusive Comment