Click here to close now.




















Welcome!

Agile Computing Authors: Gregor Petri, Elizabeth White, Samuel Scott, SmartBear Blog, Ruxit Blog

News Feed Item

As Cybercrime Threats Continue to Escalate, 2013 State of Cybercrime Survey from PwC and CSO Finds Companies Aren't Doing Enough to Defend Themselves

Stark reality: respondents still do not understand the extent of threats and how to combat them; survey results point to serious implication to U.S. and global business if senior executives do not take action now

NEW YORK, June 20, 2013 /PRNewswire/ -- PwC US and CSO magazine today released the 2013 State of Cybercrime Survey, which reveals that while cybercrime threats are on the rise, current attempts to counter them remain largely unsuccessful. According to the report, organizations have made little progress in developing ways to defend themselves against both internal and external cyber opponents. Over 500 U.S. executives, security experts, and others from the private and public sectors were surveyed on their views on the state of cybercrime. The survey is a collaborative effort with PwC, CSO magazine, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University, and the FBI.

(Logo: http://photos.prnewswire.com/prnh/20100917/NY66894LOGO )

"The facts are clear: today's organizations are not taking the necessary steps to mitigate the risk of cybercrime, even in the face of increasingly serious and frequent threats," said David Burg, PwC principal in the firm's U.S. Advisory practice focused on cybersecurity. "PwC believes the time is now for organizations to take action. The threat to U.S. business and our nation's infrastructure is very real. Cybersecurity is a business imperative, and senior executives and Boards need to understand the challenges, educate their employees to raise awareness and increase vigilance, and apply cyber threat intelligence to help abate risks from sophisticated threat actors."

"Possibly the most alarming theme that came out of this year's survey results was that U.S. organizations are misjudging the severity of risks they face from cyber attacks from a financial, reputational, and regulatory perspective," said Bob Bragdon, vp and publisher, CSO. "Organizations have increased their attack surface as a result of doing business in an increasingly interconnected and interdependent business landscape.  Cyber threats can come from outside and inside the organization.  Public awareness has been largely focused on the more sensational successful cyber espionage attacks from nation-states, but the fact is insiders with malicious intent also pose a great security risk."

Although the survey did confirm that attacks continue to range from targeted and sophisticated to fairly simple exploits of vulnerabilities created by years of underinvestment in security programs, technologies, and processes, PwC believes the cybersecurity challenge can – and must -- be met.  In many cases companies can be successful in mitigating these attacks with a thorough cybersecurity strategy that is aligned to the business strategy and includes vigilant and proactive awareness of the threat environment, a strong asset identification and protection program and is supported by proactive monitoring and enhanced incident response processes. Attacks that are most severe, often from nation-states, should be faced in conjunction with government agencies.

"Insiders continue to be a threat that must be recognized as part of an organization's enterprise-wide risk assessment. Whether an incident is perpetrated by an employee, contractor, or trusted business partner with malicious intent or without, organizations should implement controls to prevent and detect suspicious activity and take action to consistently respond to the activity," said Randy Trzeciak, technical manager of the Insider Threat Center at CERT.

For the second year in a row, respondents identified insider crimes (33.73 percent) as likely to cause more damage to an organization than external attacks (31.34 percent). The study found that:

  • Seventeen percent of respondents who had suffered an insider attack did not know what the consequences entailed;
  • Thirty-three percent of respondents had no formalized insider threat response plan;
  • Twice as many respondents indicated "non-malicious insiders" cause more sensitive data loss than malicious inside actors; and
  • Of those who did know what the insider threat handling procedures were, the majority reported that the cases were handled in-house, without legal action or law enforcement involvement

"One of the key elements in defending against insider attacks is employee training and awareness," added Burg. "Insider threat actors often show early warning signs of malicious intent that IT security tools cannot detect, but which employees and managers will notice – and can respond accordingly." 

"The potential threat from insiders cannot be underestimated or dismissed as inconsequential," said Ed Lowry, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service. "In the current environment, any business model must include a comprehensive cyber security plan that addresses both physical and IT systems security threats. This plan should include education, training, and awareness of all employees and redundant auditing procedures that will help mitigate a single point of failure vulnerability."

"We must consistently get past the privacy and liability issues that arise in the private sector reporting cyber intrusions to the government," said FBI Executive Assistant Director Richard McFeely. "When that happens, we have seen recent notable examples of the power of private sector and government coming together to counter our cyber adversaries."

"Cybercrime is an equal opportunity event and an active cyber defense program is imperative for all organizations," continued Burg. "Today's business leaders need to step up and take a proactive stand to protect their business ecosystem."

For the full survey report, please visit: www.pwc.com/cybersecurity.

PwC's cybersecurity consulting professionals help organizations understand the complex cyber challenges they face today. PwC provides strategies for clients to adapt and respond to risks, and prioritize and protect the most crucial assets to their business strategy and goals.  For more information on PwC's cybersecurity point of view, visit: www.pwc.com/cybersecurity.

Methodology

The 2013 State of Cybercrime Survey was conducted by CSO magazine in collaboration with PwC, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University. The survey was conducted between March 20 and April 25, 2013.  Over 500 US executives, security experts, and others from the private and public sectors responded to the survey questions.

Note to Editors:  References to the 2013 State of Cybercrime Survey must reference PwC, CSO magazine, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University.

About CSO Magazine
CSO is the premier content and community resource for security decision-makers leading "business risk management" efforts within their organization.  For more than a decade, CSO's award-winning  Web site (CSOonline.com), publication, executive conferences, custom  solutions and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations' employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world's leading media, events and research company. Company information is available at www.idgenterprise.com.

About the United States Secret Service
The U.S. Secret Service has taken a lead role in mitigating the threat of financial crimes since the agency's inception in 1865.  As technology has evolved, the scope of the U.S. Secret Service's mission has expanded from its original counterfeit currency investigations to also include emerging financial and cybercrimes.   As a component agency within the U.S. Department of Homeland Security, the U.S. Secret Service, through their Electronic Crimes Task Forces, has established successful partnerships in law enforcement  business and academic communities – across the country and around the world – in order to effectively combat financial and cybercrimes.  More information can be found at: www.secretservice.gov.

About the Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI helps organizations make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. The CERT Program serves as a center of enterprise and network security research, analysis, and training within the SEI. For more information, visit the CERT website at http://www.cert.org and the SEI website at http://www.sei.cmu.edu.

About the FBI
As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, including cyber-based attacks and high-technology crimes; to uphold and enforce the criminal laws of the United States; and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

About PwC's Advisory Practice
PwC's Advisory professionals help organizations improve business performance, respond quickly and effectively to crisis, and extract value from transactions. We understand our clients' industries and unique business challenges, and look across the entire organization — focusing on strategy, structure, people, process and technology — to help clients build their next competitive advantage.  See www.pwc.com/us/consulting for more information or follow us @PwCAdvisory.

About PwC US
PwC US helps organizations and individuals create the value they're looking for.  We're a member of the PwC network of firms in 158 countries with more than 180,000 people.  We're committed to delivering quality in assurance, tax and advisory services.  Tell us what matters to you and find out more by visiting us at www.pwc.com/US.

Learn more about PwC by following us online: @PwC_LLP, YouTube, LinkedIn, Facebook and Google +.

© 2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

SOURCE PwC US

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that IceWarp will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. IceWarp, the leader of cloud and on-premise messaging, delivers secured email, chat, documents, conferencing and collaboration to today's mobile workforce, all in one unified interface
WebRTC has had a real tough three or four years, and so have those working with it. Only a few short years ago, the development world were excited about WebRTC and proclaiming how awesome it was. You might have played with the technology a couple of years ago, only to find the extra infrastructure requirements were painful to implement and poorly documented. This probably left a bitter taste in your mouth, especially when things went wrong.
Too often with compelling new technologies market participants become overly enamored with that attractiveness of the technology and neglect underlying business drivers. This tendency, what some call the “newest shiny object syndrome,” is understandable given that virtually all of us are heavily engaged in technology. But it is also mistaken. Without concrete business cases driving its deployment, IoT, like many other technologies before it, will fade into obscurity.
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of technology leadership, Micron's memory solutions enable the world's most innovative computing, consumer,...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevOps to advance innovation and increase agility. Specializing in designing, imple...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Treloar, President and COO of Bebaio, will explore examples of brands transforming their businesses by t...
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes about through a Communications Platform as a Service which allows for messaging, screen sharing, video...
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and analyzed? As an area of investment, how might a retail company move towards an innovation methodolo...
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of IoT applications and projects. Business operations, IT, and data scientists need advanced analytics t...
A producer of the first smartphones and tablets, presenter Lee M. Williams will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater. In his session at @ThingsExpo, Lee Williams, COO of ETwater, will talk about how he is now applying his experience in mobile technology to the design and development of the next generation of Environmental and Sustainability Services at ETwater.
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of streaming data in the cloud with an enterprise grade SLA. It features built-in integration with Azur...
Akana has announced the availability of the new Akana Healthcare Solution. The API-driven solution helps healthcare organizations accelerate their transition to being secure, digitally interoperable businesses. It leverages the Health Level Seven International Fast Healthcare Interoperability Resources (HL7 FHIR) standard to enable broader business use of medical data. Akana developed the Healthcare Solution in response to healthcare businesses that want to increase electronic, multi-device access to health records while reducing operating costs and complying with government regulations.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducted a live demonstration of how quickly application development can happen when the need to comply wit...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, described how to revolutionize your archit...
MuleSoft has announced the findings of its 2015 Connectivity Benchmark Report on the adoption and business impact of APIs. The findings suggest traditional businesses are quickly evolving into "composable enterprises" built out of hundreds of connected software services, applications and devices. Most are embracing the Internet of Things (IoT) and microservices technologies like Docker. A majority are integrating wearables, like smart watches, and more than half plan to generate revenue with APIs within the next year.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Opening Keynote at 16th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, d...