When it comes to the growing threats of global cyber-terrorism, the current state of security within the US and the ability of organizations to prevent such attacks, information security executives feel deeply at risk. In fact, many expect a catastrophic incident to occur within the next 24 months.
A survey from Thycotic, a provider of privileged account management (PAM) solutions, found that 63% of respondents feel that terrorists are capable of launching a catastrophic cyber-attack on the US, and could do so within the upcoming year.
“Over two-thirds of respondents stated they did feel that terrorists were this close, and over 80 percent agreed they could strike within two years,” said Nathan Wenzler, executive director of security at Thycotic. “A consensus like this is not unusual these days, as more and more terrorist organizations have demonstrated increasing sophistication in their use of technology to communicate, social media to recruit new members, and of course, technical exploits and direct attacks against websites, corporate networks and government entities.”
Even so, 92% of respondents believe that a majority of US companies either need more security or are way behind the security curve to defend against cyber-terrorism attacks.
“Most companies and government organizations aren’t moving fast enough to protect themselves from what seems to be an inevitable terrorist cyberattack,” Wenzler said. “And nearly 90% of our respondents agree, stating that they believe the military and private sectors absolutely must focus more on developing and implementing defense strategies against this sort of terrorist-backed cyber-attack.”
The findings accordingly show that 72% actually feel that the topic isn’t hyped enough, and that education and awareness is critical to foment a re-examination of the type of security technology used to protect both the US government and private sectors. The majority of those surveyed (89%) believe that both military and businesses need to focus more on developing capabilities to defend against terrorist-inspired cyber-attacks.
“Education is a common theme within strong security programs, and there is an ever-present need to inform users everywhere of the dangers presented by the wide variety of cyber-threats out there, but with terrorist threats, it becomes difficult to publicize due to the somewhat intangible nature of these efforts,” Wenzler said. “Physical terrorism has a direct and visceral result that can be shown on TV networks and internet news sites…But cyber-terrorism is plotted in the shadows, and is seldom publicized.”
That could be due to either a lack of any entity wanting to take credit, or the need of the government or private organizations to keep any investigation related to terrorism quiet, as a national security matter.
But, “[. . . I]t is this radio silence on the issue that helps keep the matter off the radar for most everyone and decreasing the sense of priority for protecting data and information assets from terrorist threats,” Wenzler said.
Interestingly, respondents felt that the private sector is the most at risk, despite the nation-state-led dimension of cyber-terrorism: Half (50%) of respondents believe US private companies are more vulnerable than government agencies. Just 42% believe the government is more vulnerable than private companies.
Photo © grafvision