The Latest in IT Security

Snowden Leaks Spark Defense Firms to Change Security Practices: Survey

04 Feb 2014

Survey: 75% of Defense Contractors Say Leaks by Edward Snowden Have Changed Their Company’s Security Practices

According to the results of a survey conducted by ThreatTrack Security, the leaking of classified NSA documents by Edward Snowden has resulted in defense contractors changing their companies’ cybersecurity practices.

ThreatTrack Security published the study to shed light on the attitudes of IT and security managers working at U.S. defense contractors in the wake of Edward Snowden’s leaking of classified documents related to some of the NSA’s spying tactics.

According to the results of the survey, 75% of respondents said that the Edward Snowden incident has changed their companies’ cybersecurity practices in one of the following ways:

• 55% say their employees now receive more cybersecurity awareness training

• 52% have reviewed or re-evaluated employee data access privileges

• 47% are on higher alert for anomalous network activity by employees

• 41% have implemented stricter hiring practices

• 39% say their own IT administrative rights have been restricted

In terms of access to sensitive data, 63% of the survey respondents hold either secret, top secret or confidential clearances, ThreatTrack said. However, of those who have access to or store confidential information, 27% said they do not hold such clearances. “This represents a potential privileged access problem wherein contractor employees without such clearances may have easy access to sensitive government data,” ThreatTrack warned.

In addition to revealing how their security practices have changed in light of the Edward Snowden incident, the survey also explored subjects such as whether data breaches are being reported, what the most difficult aspects of cyber defense are, whether senior leaders at contractor organizations are being infected by malware due to risky online behavior, whether the government is providing proper guidance and support for cyber defense, and whether contractors are concerned that their organization may be vulnerable to sophisticated cyber threats.

Cyber-Attack Volume and Complexity Still a Problem

The survey found that 88% of respondents felt that they “get what they need in terms of support” from government guidance on how to protect sensitive data. However, 62% still reported that they are concerned their organization is vulnerable to APTs, targeted malware attacks and sophisticated cybercrime and cyber-espionage tactics. The two most difficult aspects of defending against advanced malware, the survey showed, were the volume of malware attacks (61%) and the complexity of that malware (59%).

An additional 29% said there is not enough budget for the right tools, and 22% indicated they don’t have access to an automated malware analysis solution, according to ThreatTrack Security, which sells malware analysis tools.

“It’s interesting to note that while defense contractors seem to have better security practices in place and are more transparent than many companies in the private sector, they are finding the current cyber threat onslaught just as difficult to deal with,” said ThreatTrack Security President and CEO Julian Waits, Sr. “Well over half are concerned that they are vulnerable to targeted attacks and cyber-espionage, and given the type of data they are handling and storing, we think that number needs to get a lot smaller – and fast.”

Not surprisingly, the Snowden leaks have had a stronger impact on companies with smaller IT security budgets, while contractors with budgets of $1 million or more reported fewer changes, the survey showed. According to ThreatTrack, this is likely because companies with bigger budgets and more resources may already feel they have the tools and policies they need.

Additionally, the study revealed that 8% said they were aware of a data breach at their company that had not been reported to customers, partners or government agencies with which they contract. This compared to nearly 6 in 10 malware analysts at U.S. enterprises who said they were aware of breaches that were unreported.

The independent blind survey of 100 IT/security managers or staff within defense contractor organizations that handle data for the US government was conducted by Opinion Matters on behalf of ThreatTrack Security from November 2013 to January 2014.

“It is clear the Edward Snowden affair has had a profound impact on U.S. defense contractors, especially among smaller companies, forcing them to re-evaluate policies and get more stringent with hiring and data access privileges,” the report concluded. “Nevertheless, contractors believe government guidance on security practices is adequate, though they still feel vulnerable to cybercrime.”

Additional details from the survey can be found here (PDF).

Mike Lennon, Managing Editor, SecurityWeek.
