Poll: Greatest Cyber Risk Driven By Remote Network Access, Embedded Malicious Code -- Security Today

Poll: Greatest Cyber Risk Driven By Remote Network Access, Embedded Malicious Code

Jan 08, 2010

More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today.

The executives were polled recently during the Deloitte Webcast, "Combating Cyber-Threats from the Underground Economy: A View from the Front Lines."

"Cyber attacks today are not only about identity theft, but about stealing information behind companies' firewalls," said Mark White, principal, Deloitte Consulting LLP and the Webcast moderator. "An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited."

Richard Baich, a principal in Deloitte & Touche LLP's Security & Privacy practice and a webcast presenter, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts.

"The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems, which routinely evade present-day security controls," Baich said.

Baich also stated that cyber criminals are now able to target specific individuals within an organization, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organizations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.

"This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs," said Baich. "Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems.

"Data is more valuable than money. Once money is spent it is gone. Data can be reused and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said 'because that is where the money is.' Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games.”

Other polling results included:

Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
62.2 percent of respondents did not know how their organization understands what data is leaving the company's network, though 14.1 percent did confirm that their organizations were using a data loss prevention solution.
41.4 percent reported that they did not know how their organizations found compromised devices inside of their network.
More than a quarter (27.4 percent) indicated their organizations rely on some type of antivirus and intrusion detection system.

Peter Makohon, senior manager, Deloitte & Touche LLP and a webcast presenter, told participants that "cyber crime may already be in their neighborhoods" and cited the following issues facing executives:

Current signature-based information security controls are not effective against sophisticated, cyber threats and exploits, which are evolving at a phenomenal rate.
Companies lack the automated systems and skilled analysts to rapidly analyze, identify, contain, analyze and remediate compromised devices.
Information provided by various cyber intelligence sources is often outdated and high level; therefore, companies cannot take effective counter-actions based on that information alone.
Organizations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.

HID Signs Agreement to Acquire Calmell Group
07/10/2025
HID and ASSA ABLOY Recognized with Renowned Red Dot Award for Innovative Biometric eGate Design
07/09/2025
Security Industry Association Announces Program for 2025 AcceleRISE Conference
07/07/2025
SIA Opens Applications for 2025 Denis R. Hébert Identity Management Scholarship
07/07/2025
Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025

Featured

Sustainable Video Solution Delivered for Landmark City of London Office Development

An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now
- Facility Security
DHS to End ‘Shoes-Off’ Travel Policy

Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now
- Airport Security
AI to Help Resolve Non-Emergency Calls Across Utah and Decrease 911 Caller Wait Times

The Utah Communications Authority (UCA), which oversees the state’s next generation 911 technology services, recently announced that public safety answering points (PSAPs) throughout the state plan to implement Motorola Solutions’ Virtual Response technology to automate the receipt and resolution of 10-digit non-emergency line calls in Utah with the help of AI. Read Now
- Government
Report: 2025 Video Surveillance Market Set to Grow After Small Decline in 2024

Novaira Insights has unveiled its latest report, “World Market for Video Surveillance Hardware and Software – 2025 Edition.” The research indicates that the global market for video surveillance hardware and software experienced a slight decline of 0.3% in 2024. This performance fell short of previous forecasts, primarily due to a significant decrease of 7.8% in the Chinese market. Conversely, the rest of the world saw a growth of 4.9%. The global market for video surveillance equipment was estimated to be worth $25.0 billion in 2024. Read Now
- Video Surveillance
Report Reveals Local Governments Face Surge in Ransomware Attacks with Minimal Resources

KnowBe4, the cybersecurity platform that comprehensively addresses human risk management, recently released new research highlighting the critical cybersecurity challenges facing state, local, tribal, and territorial (SLTT) governments. The report details how government organizations have become prime targets for cybercriminals while simultaneously facing severe resource constraints. Read Now
- Government

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
Unified VMS

AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities