NEW YORK, Jan. 25 /PRNewswire/ -- Survey numbers do not lie, nor do they always tell the whole story, which is precisely the focal point of a new report about the prevalence and seriousness of the threat of cyber crime, issued today by Deloitte's new Center for Security & Privacy Solutions (the Center).
In "Cyber Crime: A Clear and Present Danger," Deloitte offers a markedly different interpretation of the results of the 2010 Cyber Security Watch Survey, also released today, which was conducted by CSO Magazine and in partnership with the U.S. Secret Service and the Carnegie Mellon Software Engineering Institute (CERT), and sponsored by Deloitte. More than 500 IT security and law enforcement professionals from the private and public sector provided responses.
Among the key findings, the survey reports a decrease in cyber crime victims (60 percent vs. 66 percent in 2007). Deloitte, however, believes the majority of cyber crime attacks may be going undetected, as organizations focus their security efforts on preventing hackers, resulting in a false sense of security, perhaps even complacency, driven by non-agile security tools and processes. As a result, organizations may face significant risk exposure, including exposure to financial losses, regulatory violations, data breach liabilities, damage to brand, and loss of client and public confidence.
"Current security models are minimally effective against cyber criminals and many organizations appear to be largely unaware of that fact," said Ted DeZabala, principal, Deloitte & Touche LLP and national leader of Deloitte's Security & Privacy Services practice.
Additionally, Deloitte's companion whitepaper emphasizes the increased threats and dangers posed by organized crime and foreign entities, which can produce dire systemic and monetary impacts that many companies have not considered.
The 2010 Cyber Security Watch Survey rated hackers as the greatest cyber threat, over insiders, criminal organizations and foreign entities. However, Deloitte believes that the survey's respondents may have underestimated organized crime and foreign entities, instead focusing on unsophisticated attacks from hackers because they are the noisiest and easiest to detect.
"Cyber Crime: A Clear and Present Danger" also addresses the ways in which cyber security threats and risks have changed in recent years, how to more accurately assess them, and how to more effectively combat them. In particular, Deloitte recommends a continued risk-based approach to cyber security, along with a renewed focus and deeper analysis of an organization's inbound and outbound network traffic. As opposed to building a "great wall" against all threats, a cyber risk management process prioritizes threats, analyzes threats, detects a threat before, during, or after actual occurrence, and specifies the proper response, Deloitte notes.
Moreover, Deloitte believes that the major threats and risks to data, information, assets, and transactions are continually evolving, and that typical approaches to cyber security are not nearly keeping pace. "It's time for more organizations to take a risk-based, intelligence-centric approach to fully address the threat of cyber crime. Simply put: This involves focusing on what information assets are at risk of leaving the organization through the IT environment as well as the threats entering the organization through the same means," said DeZabala.
Center for Security & Privacy Solutions
The new Center, which sponsored the 2010 CSO Magazine Cyber Security Watch Survey, combines Deloitte's own security research with insights from external global entities such as government, industry, academic and vendor communities to address a wide spectrum of security and privacy issues, including identity and access management, privacy and data protection, secure enterprise applications, operational resiliency and cyber threat and vulnerability management.
"The Center's purpose is to shed new light on evolving and persistent security and privacy issues; create innovative, transformational and sustainable solutions tailored to particular industries and enterprises that capture the value of emerging technologies; and leverage better strategies and approaches," said DeZabala, who also serves as leader of the Center.
In response to the continually evolving cyber threat landscape, the Center's first major innovative offering will be Cyber Threat Intelligence, aimed at helping organizations make valuable decisions using disparate information sources by fusing them into actionable intelligence for real time and continuous risk mitigation.
Deloitte's Center for Security & Privacy Solutions will be governed and guided by an advisory council consisting of leading Deloitte professionals, industry luminaries, eminent academic researchers, leaders of key trade associations, and other visionary practitioners.
For more information about Deloitte's Center for Security & Privacy Solutions, please go to the web site: www.deloitte.com/us/securityandprivacysolutions. To download the Deloitte whitepaper "Cyber Crime: A Clear and Present Danger," click here: www.deloitte.com/us/securityandprivacysolutions.
As used in this document, "Deloitte" means Deloitte & Touche LLP and Deloitte Services LP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.