The 2014 U.S. State of Cybercrime Survey revealed that hackers trying to break into computers are more technologically advanced than the teams that are trying to prevent them from doing so.
The survey, which was co-sponsored by PricewaterhouseCoopers, the CERT division of Carnegie Mellon University's Software Engineering Institute, CSO magazine and the United States Secret Service, involved 500 executives from U.S. companies, law enforcement services and government agencies.
"One thing is very clear: The cybersecurity programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries. Today, common criminals, organized crime rings, and nation-states leverage sophisticated techniques to launch attacks that are highly targeted and very difficult to detect," the report said.
According to the survey, three out of every four respondents experienced a breach in security during the past year, with an average number of 135 instances of compromised security per organization. 28 percent of respondents said that the attacks were done from the inside by contractors, service providers, or current and former employees, and 14 percent of respondents said that the monetary losses that they incurred due to cybercrime increased.
The report noted that cybercrime has been ranked by the United States Director of National Intelligence as a top security threat in the country, higher than even terrorism, espionage, and weapons of mass destruction. The top five methods for attacks in cybersecurity are malware, phishing, network interruption, spyware, and denial-of-service attacks.
The report also noted that a current trend in fighting cybercrime is that both public and private organizations are beginning to work together, as countering cybercrime is daunting for any single organization to do on its own.
The launch of the National Institute of Standards and Technology's Cybersecurity Framework, which is a collection of the best practices and standards of security that are developed by the institute, will boost the chances of collaborating organizations against cybercrime.
In addition to cooperation that would gather intelligence against security threats, the report recommended that organizations should invest in proper processes, technologies and training for their employees to prevent security breaches.
"Internal threats have long been a part of the security landscape for enterprises," said Charles King, a Pund-IT principal analyst. "While some incidents are criminally related (theft of IP, etc.) others stem from simple mistakes, like people erroneously attempting to access documents or portions of the company Intranet for which they are not approved."
