Corporations' cyber security under widespread attack, survey finds
A survey of IT executives at corporations in 14 countries finds that more than half have seen 'high-level' attacks on their firms' computer systems. Even so, budgets for cyber security and IT have been cut in recent years, two-thirds of the respondents say.
(Page 2 of 2)
In the survey, IT managers in the oil and gas industry reported more "GhostNet-style" attacks than any other sector, Baker told reporters Thursday. Seventy percent reported that their firms were subject to "very sophisticated attacks," he said. A recently reported example, Baker said, included 2008 stealth attacks on three oil and gas companies – ExxonMobil, ConocoPhillips, and Marathon – reported by the Monitor on Jan. 25.Skip to next paragraph
Subscribe Today to the Monitor
"On the whole, the oil and gas industry is attacked more frequently and in the most serious ways," Baker said in an interview.
The survey, funded by antivirus company McAfee, also reported that two-thirds of IT executives said their budgets and security resources had been reduced in recent years. Among those, one-quarter reported cuts of more than 15 percent.
Despite experiencing a relatively high level of stealth attacks and other attacks attributed to nation states, the oil and gas industry had the most widespread cuts in security fundings, with up to three-quarters of IT managers saying their operations had experienced budget reductions, the report found.
The implications of the report are potentially profound, he says.
"It's really very troubling because from what we know of these attacks, it's very difficult to restrict the kind of information once the attack succeeds. It's clear there is now little or no intellectual property, commercial secrets, or customer information that's safe from theft. That just completely changes the way people will do business over the next generation – unless we find a solution."
The survey highlights the need to develop tighter government-private partnerships on security, says Susan Armstrong of the Department of Homeland Security, a panelist at Thursday's press conference about the survey. Phylis Schneck, a McAfee expert, described the Internet as "a massive malware delivery system." Right now, she said, "the bad guys ... are better than we are."
But Adam Rice, chief security officer for Tata Communications, an Internet carrier in India, said that while security was getting worse, awareness of the need for better security appeared to growing. "Our customer base is becoming more security aware," he says.
Even so, the survey may be the harbinger of big changes.
"Either we're going to have to do business without secrets, or spend a lot more on security," Baker says. "Otherwise, the corporate crown jewels are there for the taking."
Follow us on Twitter.