Welcome!

Agile Computing Authors: William Schmarzo, Liz McMillan, Gopala Krishna Behara, Sridhar Chalasani, Tirumala Khandrika

News Feed Item

As Cybercrime Threats Continue to Escalate, 2013 State of Cybercrime Survey from PwC and CSO Finds Companies Aren't Doing Enough to Defend Themselves

Stark reality: respondents still do not understand the extent of threats and how to combat them; survey results point to serious implication to U.S. and global business if senior executives do not take action now

NEW YORK, June 20, 2013 /PRNewswire/ -- PwC US and CSO magazine today released the 2013 State of Cybercrime Survey, which reveals that while cybercrime threats are on the rise, current attempts to counter them remain largely unsuccessful. According to the report, organizations have made little progress in developing ways to defend themselves against both internal and external cyber opponents. Over 500 U.S. executives, security experts, and others from the private and public sectors were surveyed on their views on the state of cybercrime. The survey is a collaborative effort with PwC, CSO magazine, the U.S. Secret Service, the Software Engineering Institute CERT® Program at Carnegie Mellon University, and the FBI.

(Logo: http://photos.prnewswire.com/prnh/20100917/NY66894LOGO )

"The facts are clear: today's organizations are not taking the necessary steps to mitigate the risk of cybercrime, even in the face of increasingly serious and frequent threats," said David Burg, PwC principal in the firm's U.S. Advisory practice focused on cybersecurity. "PwC believes the time is now for organizations to take action. The threat to U.S. business and our nation's infrastructure is very real. Cybersecurity is a business imperative, and senior executives and Boards need to understand the challenges, educate their employees to raise awareness and increase vigilance, and apply cyber threat intelligence to help abate risks from sophisticated threat actors."

"Possibly the most alarming theme that came out of this year's survey results was that U.S. organizations are misjudging the severity of risks they face from cyber attacks from a financial, reputational, and regulatory perspective," said Bob Bragdon, vp and publisher, CSO. "Organizations have increased their attack surface as a result of doing business in an increasingly interconnected and interdependent business landscape.  Cyber threats can come from outside and inside the organization.  Public awareness has been largely focused on the more sensational successful cyber espionage attacks from nation-states, but the fact is insiders with malicious intent also pose a great security risk."

Although the survey did confirm that attacks continue to range from targeted and sophisticated to fairly simple exploits of vulnerabilities created by years of underinvestment in security programs, technologies, and processes, PwC believes the cybersecurity challenge can – and must -- be met.  In many cases companies can be successful in mitigating these attacks with a thorough cybersecurity strategy that is aligned to the business strategy and includes vigilant and proactive awareness of the threat environment, a strong asset identification and protection program and is supported by proactive monitoring and enhanced incident response processes. Attacks that are most severe, often from nation-states, should be faced in conjunction with government agencies.

"Insiders continue to be a threat that must be recognized as part of an organization's enterprise-wide risk assessment. Whether an incident is perpetrated by an employee, contractor, or trusted business partner with malicious intent or without, organizations should implement controls to prevent and detect suspicious activity and take action to consistently respond to the activity," said Randy Trzeciak, technical manager of the Insider Threat Center at CERT.

For the second year in a row, respondents identified insider crimes (33.73 percent) as likely to cause more damage to an organization than external attacks (31.34 percent). The study found that:

  • Seventeen percent of respondents who had suffered an insider attack did not know what the consequences entailed;
  • Thirty-three percent of respondents had no formalized insider threat response plan;
  • Twice as many respondents indicated "non-malicious insiders" cause more sensitive data loss than malicious inside actors; and
  • Of those who did know what the insider threat handling procedures were, the majority reported that the cases were handled in-house, without legal action or law enforcement involvement

"One of the key elements in defending against insider attacks is employee training and awareness," added Burg. "Insider threat actors often show early warning signs of malicious intent that IT security tools cannot detect, but which employees and managers will notice – and can respond accordingly." 

"The potential threat from insiders cannot be underestimated or dismissed as inconsequential," said Ed Lowery, Special Agent in Charge, Criminal Investigative Division, U.S. Secret Service. "In the current environment, any business model must include a comprehensive cyber security plan that addresses both physical and IT systems security threats. This plan should include education, training, and awareness of all employees and redundant auditing procedures that will help mitigate a single point of failure vulnerability."

"We must consistently get past the privacy and liability issues that arise in the private sector reporting cyber intrusions to the government," said FBI Executive Assistant Director Richard McFeely. "When that happens, we have seen recent notable examples of the power of private sector and government coming together to counter our cyber adversaries."

"Cybercrime is an equal opportunity event and an active cyber defense program is imperative for all organizations," continued Burg. "Today's business leaders need to step up and take a proactive stand to protect their business ecosystem."

For the full survey report, please visit: www.pwc.com/cybersecurity.

PwC's cybersecurity consulting professionals help organizations understand the complex cyber challenges they face today. PwC provides strategies for clients to adapt and respond to risks, and prioritize and protect the most crucial assets to their business strategy and goals.  For more information on PwC's cybersecurity point of view, visit: www.pwc.com/cybersecurity.

Methodology

The 2013 State of Cybercrime Survey was conducted by CSO magazine in collaboration with PwC, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University. The survey was conducted between March 20 and April 25, 2013.  Over 500 US executives, security experts, and others from the private and public sectors responded to the survey questions.

Note to Editors:  References to the 2013 State of Cybercrime Survey must reference PwC, CSO magazine, the U.S. Secret Service and the Software Engineering Institute CERT Program at Carnegie Mellon University.

About CSO Magazine
CSO is the premier content and community resource for security decision-makers leading "business risk management" efforts within their organization.  For more than a decade, CSO's award-winning  Web site (CSOonline.com), publication, executive conferences, custom  solutions and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. To assist CSOs in educating their organizations' employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Enterprise, a subsidiary of International Data Group (IDG), the world's leading media, events and research company. Company information is available at www.idgenterprise.com.

About the United States Secret Service
The U.S. Secret Service has taken a lead role in mitigating the threat of financial crimes since the agency's inception in 1865.  As technology has evolved, the scope of the U.S. Secret Service's mission has expanded from its original counterfeit currency investigations to also include emerging financial and cybercrimes.   As a component agency within the U.S. Department of Homeland Security, the U.S. Secret Service, through their Electronic Crimes Task Forces, has established successful partnerships in law enforcement  business and academic communities – across the country and around the world – in order to effectively combat financial and cybercrimes.  More information can be found at: www.secretservice.gov.

About the Software Engineering Institute and the CERT Program
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI helps organizations make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. The CERT Program serves as a center of enterprise and network security research, analysis, and training within the SEI. For more information, visit the CERT website at http://www.cert.org and the SEI website at http://www.sei.cmu.edu.

About the FBI
As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, including cyber-based attacks and high-technology crimes; to uphold and enforce the criminal laws of the United States; and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

About PwC's Advisory Practice
PwC's Advisory professionals help organizations improve business performance, respond quickly and effectively to crisis, and extract value from transactions. We understand our clients' industries and unique business challenges, and look across the entire organization — focusing on strategy, structure, people, process and technology — to help clients build their next competitive advantage.  See www.pwc.com/us/consulting for more information or follow us @PwCAdvisory.

About PwC US
PwC US helps organizations and individuals create the value they're looking for.  We're a member of the PwC network of firms in 158 countries with more than 180,000 people.  We're committed to delivering quality in assurance, tax and advisory services.  Tell us what matters to you and find out more by visiting us at www.pwc.com/US.

Learn more about PwC by following us online: @PwC_LLP, YouTube, LinkedIn, Facebook and Google +.

© 2013 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

SOURCE PwC US

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices t...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, discussed how they built...
No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He also discussed the evaluation of communication standards and IoT messaging protocols, data...
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, examined the regulations and provided insight on how it affects technology, challenges the established rules and will usher in new levels of diligence arou...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
The 22nd International Cloud Expo | 1st DXWorld Expo has announced that its Call for Papers is open. Cloud Expo | DXWorld Expo, to be held June 5-7, 2018, at the Javits Center in New York, NY, brings together Cloud Computing, Digital Transformation, Big Data, Internet of Things, DevOps, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
DevOps at Cloud Expo – being held June 5-7, 2018, at the Javits Center in New York, NY – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits,...
@DevOpsSummit at Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, is co-located with 22nd Cloud Expo | 1st DXWorld Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait...
Cloud Expo | DXWorld Expo have announced the conference tracks for Cloud Expo 2018. Cloud Expo will be held June 5-7, 2018, at the Javits Center in New York City, and November 6-8, 2018, at the Santa Clara Convention Center, Santa Clara, CA. Digital Transformation (DX) is a major focus with the introduction of DX Expo within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive ov...
SYS-CON Events announced today that T-Mobile exhibited at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on qua...
SYS-CON Events announced today that Cedexis will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Cedexis is the leader in data-driven enterprise global traffic management. Whether optimizing traffic through datacenters, clouds, CDNs, or any combination, Cedexis solutions drive quality and cost-effectiveness. For more information, please visit https://www.cedexis.com.
SYS-CON Events announced today that Google Cloud has been named “Keynote Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Companies come to Google Cloud to transform their businesses. Google Cloud’s comprehensive portfolio – from infrastructure to apps to devices – helps enterprises innovate faster, scale smarter, stay secure, and do more with data than ever before.
SYS-CON Events announced today that Vivint to exhibit at SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California. As a leading smart home technology provider, Vivint offers home security, energy management, home automation, local cloud storage, and high-speed Internet solutions to more than one million customers throughout the United States and Canada. The end result is a smart home solution that sav...
SYS-CON Events announced today that Opsani will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Opsani is the leading provider of deployment automation systems for running and scaling traditional enterprise applications on container infrastructure.