April 23, 2012 at 3:22 PM ET
Nearly two-thirds of IT security professionals worldwide believe their companies will be the target of a cyber attack in the next six months, and 61 percent say that Anonymous and other hacktivist groups will be most likely the ones to target their organizations.
Cyber criminals, then "nation states," including China and Russia, are considered next on the list of likely attackers by 55 and 48 percent, respectively, according to the survey done by security firm Bit9. Only 28 percent think that "disgruntled employees" are the most likely to target their companies.
"The survey results put a spotlight on an interesting contradiction: on the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation states," said Harry Sverdlove, chief technology officer of Bit9.
The company's 2012 Cyber Security Survey of 1,861 IT pros was done to "gauge the current state of enterprise security and identify the attack methods and cybercrimal groups that keep IT executives up at night."
Among the other findings:
- 74 percent think "endpoint security solutions on their laptops and desktops are not doing enough to protect their companies and intellectual property (IP) from cyber attacks."
- 95 percent believe cyber security breaches "should be disclosed to customers and to the public," something that a hot-button issue for many businesses. The House is considering several cyber security measures, including a system that would let U.S. intelligence agencies and businesses share information about hackers and the techniques they use.
- 48 percent think companies that have cyber security breaches should not only disclose it, but also "provide a description of what is stolen, while nearly a third (29 percent) believes a description of how the attack occurred should also be shared. Only 6 percent felt that nothing should be disclosed."
- 62 percent are most worried about targeted attack methods, including malware (45 percent) and spear phishing (17 percent). Spear phishing is an attempt to hack an individual's computer or accounts by sending an email that's tailored to that person and his or her company.
- Only 11 percent said they worry about the attack methods that, so far, are commonly used by hacktivists, such as distributed denial-of-service attacks and SQL injection, a technique to attack databases through a website.
The "good" news from the survey: 58 percent say that companies that put into place "best practices and better security policies are in the best position to improve enterprise security, and 19 percent believe individual employees play an important role in improving the state of security."
No one is especially trustworthy of government efforts in the cyber security realm. "Despite current plans to implement cyber security legislation, only 7 percent believe that government regulation and law enforcement will best improve security," Bit9 found.
Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.
