Some 75 percent of US CISOs state the worst consequences of an attacker gaining access to their companies’ most valuable asset would be the financial cost and reputational damage. However, few say the financial cost could lead to bankruptcy 35%.
In Sweden, 65 percent of those surveyed expect cyber criminals accessing prized assets could lead to the downfall of the company. Reputational costs are perceived most as a main threat in the UK, where almost 80 percent of respondents have mentioned it as the most dangerous risk to their business, almost triple the percentage of Italian IT execs.
Even if it sounds alarming, loss of life – mentioned by 39 percent of the Swedes - is a severe yet real consequence of an APT. Targeted attacks could also aim at critical national or transnational infrastructures (i.e. nuclear power plants, national energy grids, urban water supplies, transportation management systems, traffic controller systems, hospitals and other healthcare facilities). In a modern environment where automation has become a reality, targeted attacks can practically paralyze countries and, unfortunately, lead to human casualties.
Exfiltrating sensitive data could also be leveraged by governments for military purposes too. An obvious example of information-stealing APTs is Net Traveler. Quietly stealing information since 2004, more than 22 gigabytes of data pertaining to aerospace, nanotechnology, nuclear power cells, lasers, drilling, manufacturing in extreme conditions, and radio wave weapons have been exfiltrated without triggering any bells and whistles for years. Loss of life has been also mentioned by many respondents in Germany (nearly 30 percent), and the US (almost 20), while far more Italians fear financial losses (85 percent) than Danes (55 percent).
Migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, creating new threats and more worries to CISO offices regarding the safety of their data.
The survey, conducted in April-May 2017 by Censuswide for Bitdefender, included 1,051 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany. The study explores, in detail, the pressures advanced persistent threats (APTs) place on IT security professionals.