A survey of 500 executives at U.S. businesses, law enforcement agencies and government departments found that “cybersecurity programs of U.S. organizations do not rival the persistence and technological prowess of their cyber adversaries. Organizations do not adequately address employee and insider vulnerabilities. [They do not] assess the security practices of third-party partners and supply chains. [And most] do not strategically invest in cybersecurity and ensure that it is aligned with their overall business strategy.
The 2014 U.S. State of Cybercrime Survey was jointly sponsored by PwC, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, CSO magazine and the United States Secret Service.
Three out of four respondents said they had detected a security breach in the past year, and the average number of security intrusions was 135 per organization.
“Despite substantial investments in cybersecurity technologies, cybercriminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetize,” said Ed Lowery, who heads the U.S. Secret Service’s criminal investigative division.
Lowery said companies and the government need to take “a radically different approach to cybersecurity,” which goes beyond antivirus software, training employees, working closely with contractors and setting up tighter processes.
The survey found that the top five cyberattack methods were malware, phishing, network interruption, spyware and denial-of-service attacks. For the complete 2014 U.S. State of Cybercrime Survey, go to this link.