Case Study:
Global State of Information Security Survey
The 2012 Global State of Information Security Survey is conducted by the consulting firm PwC US (Website-PricewaterhouseCoopers.pwc) and CIO and CSO magazines (PWC, 2012). According to this 9th annual survey of almost 10,000 security executives from 138 countries, only 72 percent of respondents were confident that their organization’s information security defenses were effective. Confidence in their defenses’ effectiveness had dropped significantly since 2006. Mark Lobel, a principal in PwC’s Advisory practice, explained: “Companies now have greater insights than ever before into the landscape of cybercrime and other security events—and they’re translating this information into security investments specifically focused on three areas: prevention, detection, and operational web technologies.” Advanced Persistent Threat (APT) Attacks A significant percent of respondents across industries agreed that one of the most dangerous cyber threats is an advanced persistent threat (APT) attack. APT is a stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time. APTs are designed for longterm espionage. Skilled hackers launch APT attacks to steal data Global State of Information Security Survey continuously (for example, daily) over months or years—rather than to cause damage that would reveal their presence. APT attacks target organizations with high-value information, such as national defense, manufacturing, and financial. APT threats are driving organizations’ cybersecurity spending because only 16 percent are prepared to defend against them. Cloud, mobile, and social expand exposure Cloud computing has complicated cybersecurity. For 23 percent of organizations, cloud technologies have worsened their exposure primarily because they cannot enforce or verify their cloud providers’ cybersecurity policies. In addition, mobile devices and social media expose organizations to new and significant threats.
Q1. What three areas are organizations focusing their infosec investments on?
Q2. Explain APT attacks.
Q3. What industries are at greatest risk of APT attacks? Why?
Q4. What is the largest perceived risk of cloud computing?
Your answer must be typed, double-spaced, Times New Roman font (size 12), one-inch margins on all sides, APA format and also include references.