Study: 1 in 5 big firms attacked by hackers

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.thelocal.de/20150727/one-in-five-big-german-firms-has-been-hacked


Companies with more than €1 billion in returns were the most at risk
according to the report by international professional services firm Ernst
and Young, with one-fifth reporting concrete evidence of cyber attacks.

The report said what was more troubling was that one in five attacks were
only detected by accident and companies seem to largely be relying on
simple technology for protection.

“The continued carelessness of many companies is surprising,” said Ernst
and Young Forensic Technology & Discovery Services leader Bodo Meseke in a
statement. “They think that they are sufficiently protected or would not be
a target of data theft and cyber-attacks.

"This shows that there are always new revelations that anyone can be a
target of such attacks and the common protection mechanisms can be
circumvented,” he continued.

Ernst and Young surveyed the CEOs and senior IT executives of 450 German
companies.

They found that 80 percent of companies stick to just simple protection
strategies, such as putting up firewalls, antivirus software and having
good passwords.

About 30 percent of companies use more extensive protections such as
intruder detection and prevention systems that can indicate when hacker
activity is taking place. This figure is twice as high as in 2013, but the
report said it is still too little.

“This is negligence,” said Meseke. “Passwords and antivirus software can be
very quickly circumvented by hackers today, within minutes… Firms that have
sensitive company or client data on their servers should definitely
introduce more stringent security measures.”

The report said that though smaller companies reported fewer attacks than
big ones, the actual number of attacks they experience could be much higher
because they do not have sufficient technology to detect attacks.

In 74 percent of attacks, hackers went after electronic data processing
systems, while in 21 percent of cases IT-systems were attacked. Client and
employee data was tapped into in 11 percent of cases while 10 percent of
cases were committed by a company’s own employee.

In nearly half (48 percent) of cyber security breaches cases, the hacker
remained unknown and 18 percent of attacks were committed by “hacktivist”
groups like Anonymous.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!