Cyber crime: A clear and present danger
Combating the fastest growing cyber security threat
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Threats posed to organizations by cyber crimes have increased faster than potential victims—or cyber security professionals—can cope with them, placing targeted organizations at significant risk. This is the key finding of Deloitte’s review of the results of the 2010 CSO CyberSecurity Watch Survey, sponsored by Deloitte and conducted in collaboration with
, the U.S. Secret Service, and the CERT Coordination Center at Carnegie Mellon (see sidebar on page 4).
This whitepaper reports several key results of this survey and Deloitte’s interpretation of key survey results. By its nature, interpretation goes beyond simple reporting of results (which is not our goal here) and may prompt disagreement or even controversy. Deloitte believes, however, that some of the findings point to significant incongruities between the views of many survey respondents and the current reality of cyber crime. Given that the survey respondents include mainly executives and professionals responsible for the security of their organizations’ IT environments, such incongruities are worth examining.
Our view is that the growth of the threat of cyber crime has outpaced that of other cyber security threats. From our perspective, the 2010 CSO CyberSecurity Watch Survey, viewed in the light of our experience, indicates that cyber crime constitutes a significantly more common and larger threat than respondents recognize. Indeed, driven by the prospect of significant profits, cyber crime innovation and techniques have outpaced traditional security models and many current signature-based detection technologies.
Today’s cyber criminals are increasingly adept at gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT environments. Meanwhile, many organizations may be leaving themselves vulnerable to cyber crime based on a false sense of security, perhaps even complacency, driven by non-agile security tools and processes. Many are failing to recognize cyber crimes in their IT environments and misallocating limited resources to lesser threats. For example, many organizations focus heavily on foiling hackers and blocking pornography while potential—and actual—cyber crimes may be going undetected and unaddressed. This has generated significant risk exposure, including exposure to financial losses, regulatory issues, data breach liabilities, damage to brand, and loss of client and public confidence.