Welcome!

Agile Computing Authors: Pat Romanski, AppDynamics Blog, Elizabeth White, Jnan Dash, Xenia von Wedel

News Feed Item

As Cybercrime Threats Continue to Escalate, 2013 State of Cybercrime Survey from PwC and CSO Finds Companies Aren't Doing Enough to Defend Themselves

Stark reality: respondents still do not understand the extent of threats and how to combat them; survey results point to serious implication to U.S. and global business if senior executives do not take action now

NEW YORK, June 20, 2013 /PRNewswire/ -- PwC US and CSO magazine today released the 2013 State of Cybercrime Survey, which reveals that while cybercrime threats are on the rise, current attempts to counter them remain largely unsuccessful. According to the report, organizations have made little progress in developing ways to defend themselves against both internal and external cyber opponents. Over 500 U.S. executives, security experts, and others from the private and public sectors were surveyed on their views on the state of cybercrime. The survey is a collaborative effort with PwC, CSO magazine, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University, and the FBI.

(Logo: http://photos.prnewswire.com/prnh/20100917/NY66894LOGO )

"The facts are clear: today's organizations are not taking the necessary steps to mitigate the risk of cybercrime, even in the face of increasingly serious and frequent threats," said David Burg, PwC principal in the firm's U.S. Advisory practice focused on cybersecurity. "PwC believes the time is now for organizations to take action. The threat to U.S. business and our nation's infrastructure is very real. Cybersecurity is a business imperative, and senior executives and Boards need to understand the challenges, educate their employees to raise awareness and increase vigilance, and apply cyber threat intelligence to help abate risks from sophisticated threat actors."

"Possibly the most alarming theme that came out of this year's survey results was that U.S. organizations are misjudging the severity of risks they face from cyber attacks from a financial, reputational, and regulatory perspective," said Bob Bragdon, vp and publisher, CSO. "Organizations have increased their attack surface as a result of doing business in an increasingly interconnected and interdependent business landscape.  Cyber threats can come from outside and inside the organization.  Public awareness has been largely focused on the more sensational successful cyber espionage attacks from nation-states, but the fact is insiders with malicious intent also pose a great security risk."

Although the survey did confirm that attacks continue to range from targeted and sophisticated to fairly simple exploits of vulnerabilities created by years of underinvestment in security programs, technologies, and processes, PwC believes the cybersecurity challenge can – and must -- be met.  In many cases companies can be successful in mitigating these attacks with a thorough cybersecurity strategy that is aligned to the business strategy and includes vigilant and proactive awareness of the threat environment, a strong asset identification and protection program and is supported by proactive monitoring and enhanced incident response processes. Attacks that are most severe, often from nation-states, should be faced in conjunction with government agencies.

"Insiders continue to be a threat that must be recognized as part of an organization's enterprise-wide risk assessment. Whether an incident is perpetrated by an employee, contractor, or trusted business partner with malicious intent or without, organizations should implement controls to prevent and detect suspicious activity and take action to consistently respond to the activity," said Randy Trzeciak, technical manager of the Insider Threat Center at CERT.

For the second year in a row, respondents identified insider crimes (33.73 percent) as likely to cause more damage to an organization than external attacks (31.34 percent). The study found that:

  • Seventeen percent of respondents who had suffered an insider attack did not know what the consequences entailed;
  • Thirty-three percent of respondents had no formalized insider threat response plan;
  • Twice as many respondents indicated "non-malicious insiders" cause more sensitive data loss than malicious inside actors; and
  • Of those who did know what the insider threat handling procedures were, the majority reported that the cases were handled in-house, without legal action or law enforcement involvement

"One of the key elements in defending against insider attacks is employee training and awareness," added Burg. "Insider threat actors often show early warning signs of malicious intent that IT security tools cannot detect, but which employees and managers will notice – and can respond accordingly." 

"The potential threat from insiders cannot be underestimated or dismissed as inconsequential," said Ed Lowry, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service. "In the current environment, any business model must include a comprehensive cyber security plan that addresses both physical and IT systems security threats. This plan should include education, training, and awareness of all employees and redundant auditing procedures that will help mitigate a single point of failure vulnerability."

"We must consistently get past the privacy and liability issues that arise in the private sector reporting cyber intrusions to the government," said FBI Executive Assistant Director Richard McFeely. "When that happens, we have seen recent notable examples of the power of private sector and government coming together to counter our cyber adversaries."

"Cybercrime is an equal opportunity event and an active cyber defense program is imperative for all organizations," continued Burg. "Today's business leaders need to step up and take a proactive stand to protect their business ecosystem."

For the full survey report, please visit: www.pwc.com/cybersecurity.

PwC's cybersecurity consulting professionals help organizations understand the complex cyber challenges they face today. PwC provides strategies for clients to adapt and respond to risks, and prioritize and protect the most crucial assets to their business strategy and goals.  For more information on PwC's cybersecurity point of view, visit: www.pwc.com/cybersecurity.

Methodology

The 2013 State of Cybercrime Survey was conducted by CSO magazine in collaboration with PwC, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University. The survey was conducted between March 20 and April 25, 2013.  Over 500 US executives, security experts, and others from the private and public sectors responded to the survey questions.

Note to Editors:  References to the 2013 State of Cybercrime Survey must reference PwC, CSO magazine, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University.

About CSO Magazine
CSO is the premier content and community resource for security decision-makers leading "business risk management" efforts within their organization.  For more than a decade, CSO's award-winning  Web site (CSOonline.com), publication, executive conferences, custom  solutions and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations' employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world's leading media, events and research company. Company information is available at www.idgenterprise.com.

About the United States Secret Service
The U.S. Secret Service has taken a lead role in mitigating the threat of financial crimes since the agency's inception in 1865.  As technology has evolved, the scope of the U.S. Secret Service's mission has expanded from its original counterfeit currency investigations to also include emerging financial and cybercrimes.   As a component agency within the U.S. Department of Homeland Security, the U.S. Secret Service, through their Electronic Crimes Task Forces, has established successful partnerships in law enforcement  business and academic communities – across the country and around the world – in order to effectively combat financial and cybercrimes.  More information can be found at: www.secretservice.gov.

About the Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI helps organizations make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. The CERT Program serves as a center of enterprise and network security research, analysis, and training within the SEI. For more information, visit the CERT website at http://www.cert.org and the SEI website at http://www.sei.cmu.edu.

About the FBI
As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, including cyber-based attacks and high-technology crimes; to uphold and enforce the criminal laws of the United States; and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

About PwC's Advisory Practice
PwC's Advisory professionals help organizations improve business performance, respond quickly and effectively to crisis, and extract value from transactions. We understand our clients' industries and unique business challenges, and look across the entire organization — focusing on strategy, structure, people, process and technology — to help clients build their next competitive advantage.  See www.pwc.com/us/consulting for more information or follow us @PwCAdvisory.

About PwC US
PwC US helps organizations and individuals create the value they're looking for.  We're a member of the PwC network of firms in 158 countries with more than 180,000 people.  We're committed to delivering quality in assurance, tax and advisory services.  Tell us what matters to you and find out more by visiting us at www.pwc.com/US.

Learn more about PwC by following us online: @PwC_LLP, YouTube, LinkedIn, Facebook and Google +.

© 2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

SOURCE PwC US

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York. Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flo...
The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...