Danish IT execs perceive hacktivist entities and competitors as the main interested parties that could target their organisations, according to a recent Bitdefender survey. The study confirms that competitors interested in corporate espionage and foreign state-sponsored attackers come second and third, with 61 percent and 46 percent, respectively.
A fifth of IT security decision makers in Denmark say their companies could ‘definitely’ be a target of cyberespionage campaigns using advanced persistent threats (APTs), according to a recent survey by security firm Bitdefender. These complex cyber tools are crafted for high-profile entities and operate by silently gathering sensitive data over long periods. Another 54 percent of respondents say their IT infrastructure could ‘possibly’ be targeted in high-level cyberespionage actions that exfiltrate intelligence systematically.
Surprisingly, most IT decision makers in Denmark say it would take a few weeks to a month to detect an APT, but 29 percent say they would need up to a year to uncover modern sophisticated threats. This might show many surveyed IT execs fear but underestimate the potential complexity of these threats.
Most advanced persistent threats are not limited to state-sponsored attacks, as enterprises can also fall victim to attackers that exploit zero-day vulnerabilities to install highly targeted malware to spy on companies and steal intellectual property. Bitdefender’s survey confirms that CISOs perceive hacktivist entities as the main interested party that would target their organisations (75 percent). Competitors interested in corporate espionage and foreign state-sponsored attackers come second and third, with 61 percent and 46 percent, respectively.
Some 65 percent of IT security decision makers in Denmark reveal reputational damage to their businesses tops the list of the worst consequences they could face if an APT attacker accesses the ‘crown jewels’. Financial costs come second (55 percent), followed by bankruptcy (49 percent). Darker risks even include war or cyber conflicts (19 percent) and loss of life (16 percent).
Companies mostly fear losing information about their customers (67 percent), followed by information about certain employees (47 percent), financial information (38 percent), product info and specifications (31 percent), research about new products (23 percent), research about the competition (9 percent), and intellectual property (9 percent), said respondents.
As a result, 74 percent of boards of directors address cybersecurity as a serious risk management issue with severe reputation and financial consequences, while only 21 percent haven’t done it so far. Only four in ten organisations in Denmark (42 percent) have an incident response and disaster recovery plan in place in case of an APT attack or massive breach, and 47 percent admit they have started developing such a strategy, currently as a work in progress. Less than 10 percent lack these types of procedures.
More than half of Danish execs surveyed perceive next gen security solutions (including artificial intelligence algorithms, endpoint detection and response capabilities), and traditional security solutions as the best defense against advanced persistent threats. Layered defense, a mix of multiple security policies and tools designed to fight modern threats and penetrations, security audits, and log monitoring have been also mentioned by more than a third of the respondents.
The survey, conducted in April-May 2017 by Censuswide for Bitdefender, included 1,051 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.