Cyberthreats are a serious and growing concern, according to the FBI, with cyber intrusions becoming more commonplace, complex, and dangerous. Zero day exploits, spear phishing, and sophisticated malware attacks have made headlines as companies lose billions of dollars each year repairing systems hit by such attacks, the FBI stated.
Ransomware attacks, in particular, have been rapidly multiplying. Between April 2015 and March 2016, more than 718,500 users were hit with encryption ransomware--an increase of 550% compared to the same period in 2014-2015, according to research from Kaspersky Lab.
CIOs are often responsible for protecting their organization's data from cybercrime attempts. TechRepublic recently polled its panel of IT leaders on cybersecurity threats. When asked, "Do you think the level of internet security threats has increased in the last year?," eight panelists said yes, while four said no.
"The number and sophistication of the internet security threats is steadily increasing, and markedly up from last year," said Keith Golden, CIO, Econolite Group, Inc. "Well-crafted spear phishing attacks are now an everyday occurrence across our enterprise."
N'Gai Oliveras, IT director at the Office of the Comptroller of Puerto Rico, agreed. "Unfortunately, we are seeing more sophisticated social engineer attacks (i.e. phishing emails related to ransomware) in our environments directed to our users, and some of them are falling for it," Oliveras said.
Oliveras recommends increasing training for end users as one solution. "In these times, we in senior management need to be more focused on providing more security awareness trainings to our users, instead of looking for more ways to strengthen our networks," he said. "In my opinion, our users are the most effective line of defense in our networks."
Along with the growth of various types of attacks, smartphones and other mobile devices are posing a large security risk, said Chuck Elliott, vice president of information technology and CIO of Concord University.
A recent Tech Pro Research survey found that 45% of employees felt mobile devices were their company's weakest security link. In another survey earlier this year, 47% of workers said that almost all employees at their company used either company-provided or personal devices for work purposes.
"We should all be highly motivated to continue minimizing threats and intrusions, and increase our efforts to educate users of our networks," Elliott said.
Florentin Albu, CIO of Ofgem E-Serve, said he believes internet security threats have increased on two dimensions, following a constant rate of growth year-on-year. First, "they have become more sophisticated, with new tools and exploits coming to life," Albu said. Second, "ransomware has continued to expand into becoming something of a commodity of the malware world."
It's also worth noting that some of these tools appear to be associated with past initiatives carried out by state actors, Albu added.
David Wilson, director of IT services at VectorCSP, said the issue is nuanced. "I don't believe the number of new threats has gone up," he said. "But I believe the number of people trying to use 'old' internet threats has gone up."
Some CIOs said that they did not believe the level of internet security threats increased recently. According to Simon Johns, IT director at Sheppard Robson Architects LLP, "It has appeared to have remained absolutely static, in terms of what we see coming through our gateways and firewalls."
While hackers have found new ways to get into company systems, the actual number of threats remain the same, said Corey Peissig, vice president of technical operations at Optimal Blue. "The specific methodologies for exposing vulnerabilities has morphed, but I don't believe the level of threats has changed," he said.
Others said that more awareness and media coverage have created a perception that attacks have grown more than they actually have. "The awareness is greatly increased, as home network hacks (i.e. webcams) are A. being discovered (finally) and B. being reported in the mainstream news," said Scott C. Smith, founder of After August Entertainment.
This month's CIO Jury was:
- Simon Johns, IT director, Sheppard Robson Architects LLP
- Florentin Albu, CIO, Ofgem E-Serve
- Dan Gallivan, director of information Technology, Payette
- Keith Golden, CIO, Econolite Group, Inc.
- David Wilson, director of IT services, VectorCSP
- Dale Huhtala, executive director of infrastructure operations, Service Alberta
- Madhushan Gokool, IT manager, Storm Model Management
- Michael R. Belote, CTO, Mercer University
- Scott C. Smith, founder, After August Entertainment
- Corey Peissig, vice president of Technical Operations, Optimal Blue
- Chuck Elliott, vice president of Information Technology & CIO, Concord University
- N'Gai Oliveras, IT director, Office of the Comptroller of Puerto Rico
Want to be part of TechRepublic's CIO Jury and have your say on the top issues for IT decision makers? If you are a CIO, CTO, IT director, or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic's CIO Jury pool, click the Contact link below or email me, alison dot denisco at cbsinteractive dot com, and send your name, title, company, location, and email address.
- Report: Despite growing security threats, CXOs struggle to find cybersecurity professionals (TechRepublic)
- Easy to carry out, difficult to fight against: Why ransomware is booming in 2016 (ZDNet)
- Security breaches: How small businesses can avoid a HIPAA lawsuit (TechRepublic)
- Security TV: Ignore the email threat at your peril (ZDNet)
- How to avoid ransomware attacks: 10 tips (TechRepublic)