Targeted attacks remain a concern for security professionals, as many admit to suffering attacks and data loss

News by Dan Raywood

Half of UK-based IT security professionals believe that their organisation is a target of organised cyber crime.

Half of UK-based IT security professionals believe that their organisation is a target of organised cyber crime.

Research by IronKey found that 45 per cent of professionals are fearful of an attack, while 31 per cent revealed that they had suffered at least one cyber attack in the last 12 months.

The survey of 120 professionals hosted by SC Magazine during March this year, also found that 54 per cent of respondents said that accidental data leakage by staff, contractors or vendors was the biggest threat to their organisation today. Only ten per cent feared external attack on networks and systems and 13 per cent saw Trojans that steal data, money or sabotage systems as a significant threat to their organisation.

While 44 per cent of respondents believed an untrusted desktop or laptop is the most vulnerable location for an advance persistent threat attack, it appears respondents prefer traditional methods, such as end-user education (44 per cent) or anti-virus (29 per cent) as opposed to technology that isolates user and data from threats (19 per cent), as the most effective tool to prevent APT attacks.

Dave Jevans, founder and chairman of IronKey and the Anti-Phishing Working Group, said that the results do not come as a shock, as the past 12 months has seen some of the biggest and most successful cyber attacks the industry has ever witnessed.

“Unfortunately, end-user education and anti-virus were all in place at organisations that suffered painful losses as a result of APT attacks. Doing the same thing over and over won't make the problem go away, criminals are only more encouraged. As an industry, we need to shift away from trying to be all knowing and detecting threats we can't know about until they happen. Instead, we need to isolate users of sensitive data and transactions away from the problem,” he said.

This week IronKey also announced the upcoming availability of the next version of its Trusted Access for Banking, saying that version 2.7 addresses the continuing needs of banks to isolate customers from the growing threat of crimeware and online account takeovers.

The new update includes IronKey's keylogging protection that blocks the capture of user credentials, one-time passcodes, challenge questions and other sensitive data that criminals can easily steal.

Kapil Raina, senior product manager at IronKey, told SC Magazine that last year it was offering one-time password obfustication, protecting the public cloud, but entering information into a computer is not sufficient, as you have to have enhanced security.

He said: “With security you always encourage and educate on capabilities, we have introduced anti-keylogging capabilities as that is the most attacked vector. Administrators can whitelist where a start page will be, a large enough user wants to do it as a service and wants to be doing a secure connection to the bank. You can say what you want to do and where to go to, those are the safe locations. This creates a private internet.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews