Cyber-Attacks Are More Targeted and Sophisticated

Today, nearly every organization finds itself in the scope of hackers, cyber-criminals, disgruntled employees and others looking to engineer cyber-attacks. The risks are growing exponentially, and the attack landscape keeps evolving, making it difficult for companies to keep up.

A newly released report from QuinStreet Enterprise, “2015 Security Outlook: Meeting Today’s Evolving Cyber-Threats,” examines emerging security issues and trends. The survey of 387 business and IT executives found that cyber-attacks are becoming more targeted and sophisticated, and a growing number of companies are experiencing attacks and breaches. As a result, some organizations are responding with larger security budgets and a more focused defense.

Overall, 50 percent of the survey respondents reported that cyber-attacks are either the most important issue or a top three IT issue for their organization. Only 20 percent indicated that cyber-threats weren’t a major issue, though the figure dropped to 8 percent at large enterprises.

In all, 76 percent of the business and IT leaders reported that their organization has experienced a damaging breach over the past year. The leading problems included corruption of servers (26 percent), prolonged email system failure (18 percent), revenue loss (18 percent), loss of employee information (14 percent) and other losses (24 percent).

As threats increase, organizations aren’t standing still. The report found that as a result of a breach, nearly half of respondents (44 percent) have increased the portion of their IT budget that’s allocated to security. Among large enterprises, that figure rose to 51 percent.

What’s more, the executives surveyed noted that in some cases, they are shifting their focus to new and different risks as a result of a changing threat landscape. For example, 71 percent of respondents at large firms cited concerns over cloud vulnerabilities, and 59 percent rated the bring-your-own-device (BYOD) movement as a major risk.

Top Protection Methods

Purchasing patterns are also changing. Ninety-five percent of the survey respondents said that they purchased six or more security products in order to aggregate and assimilate information about attacks.

Top protection methods include firewall/intrusion detection and protection (77 percent), antivirus and malware protection (75 percent), remote access (67 percent), spyware blocking and detection (66 percent), and Internet filtering and content control (60 percent).

However, more advanced methods are also gaining favor. These include unified threat management (26 percent), security incident and event management (24 percent) and advanced persistent threat (APT) solutions (21 percent).

The report also found that traditional infrastructure companies are now playing an increased role in providing security solutions. Respondents ranked traditional security vendors such as Symantec, Microsoft, Intel/McAfee, Kaspersky and Trend Micro high, but they also ranked Cisco, HP, EMC, Dell and IBM as important providers.

“This might be due to the changing nature of attacks and their perceived threat,” the report noted. “For example, … protecting against DDoS [distributed denial-of-service] is now a great concern. And this type of attack needs infrastructure elements to help detect and minimize its impact.”

Finally, three-quarters of the survey respondents indicated that peers and technology content Websites serve as their primary sources of information about cyber-security, and about 60 percent rely on analysts to keep them up to date. Other important methods include tradeshows, technology blogs, vendor sites, product sheets, product demos and whitepapers.

“Changes in the way cyber-attacks are carried out are impacting the way companies deal with security,” the report concluded.