by John Worrall
In March 2013, Director of National Intelligence James Clapper testified before Congress that “America’s biggest national security threat could come not from bullets or bombs in a terrorist attack, but from a computer keyboard.” Clapper and other top intelligence officials from the U.S. stated that cyber attacks lead the numerous national security threats the United States currently faces.
For anyone who has read the headlines of the past couple of years, the same could be said for businesses and the cyber threats we face everyday. Now, it appears that the testimony provided by Clapper has fully seeped into the psyche of our business leaders.
Today at Cyber-Ark, we released the 7th annual “Global Advanced Threat Landscape” survey, where we interviewed close to 1000 C-level executives and IT security professionals across the U.S, Europe and Asia Pac. The most fascinating finding was that 80 percent of respondents around the globe believe that cyber attacks pose a greater threat to their nation than physical attacks. The results were nearly the same in every region where the survey was conducted.
I say this is fascinating – but not surprising. In last year’s survey, 66 percent of respondents indicated that external cyber threats would become a greater security risk than insiders within 1-3 years. Combine this with the continued awareness around cyber-threats and major news stories like the recent NSA leak, and the result is heightened awareness cyber-attacks and the potential destruction they can cause.
This line of thinking represents the new normal – both for businesses and for national security. One of the primary reasons for this is because we see it every day. Take this eye-grabbing stat from today’s survey: 51 percent of respondents believe a cyber-attacker is currently on their network – or has been in the past year.
This simply shows the ease with which attackers can bypass perimeter security. This has led to a decrease in confidence of perimeter security overall. In fact, 57 percent said their company put too much faith in anti-virus and perimeter security. It’s stats like these that support why we’ve long advocated for businesses to take an inside-out approach to security, to assume that the perimeter has been breached and secure the internal soft-targets that the attackers are targeting. Phishing, zero-day exploits, password cracking, and other forms of attacks are means – they’re not the end game for attackers.
This is the 7th year we’ve done this survey. We’ve seen a lot of changes to the threat landscape during this time – from new, nation-based threat actors, to increased cyber-criminal activity, to the continued growth of the insider threat. What has remained constant is the need for a proactive approach to security, focused on securing critical data and assets that attackers of every stripe covet. We’ll be posting more of the survey data and our take on it in subsequent postings.