Anonymous Drives Security Fears, But Not Spending

[InfoSec News <alerts () infosecnews org>]

http://www.informationweek.com/news/security/attacks/232900691

By Mathew J. Schwartz
InformationWeek
April 23, 2012

Who are the groups voted most likely to lob cyber attacks at companies 
over the next six months? That would be the hacktivist set, including 
Anonymous, LulzSec Reborn, and their ilk.

So said 61% of 1,900 IT and information security personnel recently 
surveyed by endpoint security firm Bit9. Interestingly, however, the 
survey also found that actual information security program spending 
doesn't track this threat analysis.

Instead, most businesses are devoting the majority of their security 
resources to stopping what they see as the most prevalent attack 
techniques: malware (for 45%), as well as spear phishing (16%). 
Interestingly, both of these types of attacks--often used as part of 
advanced persistent threats (APTs)--are the hallmark not of hacktivists, 
but rather criminal enterprises, nation states, or sometimes even 
competitors. Although only 20% of respondents overall ranked corporate 
competitors as their most likely attackers in the next six months, 
one-third of all European respondents listed corporate espionage as 
their top threat concern.

Businesses spent markedly less to battle typical hacktivist attack 
vectors, such as SQL injection hacks or distributed denial-of-service 
(DDOS) attacks.

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org