CSO and PwC teamed-up with the CERT® Division of the Software Engineering Institute at Carnegie MellonUniversity and the United States Secret Service to conduct the annual survey to gain a better understanding of cybercrime trends within U.S. organizations.
The 2014 research found that the number of security incidents continue to surge as well as the cost associated with them. Additionally, organizations are still playing catch-up to combat cyber criminals.
Key Findings Include:
- The state of cybercrime is not good. U.S. organizations are failing to keep up with the persistence, technical expertise or the tactical skillset of their adversaries.
- Security for mobile devices is inadequate and poses elevated risks beyond phones and tablets. A large barrier for CSO’s is that mobile devices are viewed as employee devices and businesses are reluctant to push policies to personal devices.
- Insider threats are not sufficiently addressed and while awareness training would address the most common insider threats, most businesses don’t do awareness training.
- Insiders who commit cybercrimes typically exhibited pre-cursor characteristics including committing violations of IT security practices and the misusing of organizational resources.
- There is a significant disparity between SMB (less than 1,000 employees) & Enterprise organizations (1,000+ employees) with differences arising in both practices and types of cyber attacks.
To view slides on this research, click here