Most secure organizations also concerned about nation states With all of the cybersecurity legislation activity in Washington, GAO Director of Information Security Issues, Gregory Wilshusen, testified before the Homeland Security Committee in the House of Representatives this week. Director Wilshusen described sources of cyber threats including botnet operators, criminal groups, hackers, insiders, and nations. Which of these pose the greatest threat? Wilshusen didn’t say but many experts have been sounding the alarm around nation states, specifically the People’s Republic of China. It is interesting to note however, that enterprises have greater concerns with other adversaries. In a recent survey of 244 enterprise security professionals (i.e. those working at organizations with 1,000 or more employees), ESG asked them to identify the groups that pose the greatest security threat to their organization (in terms of launching a targeted attack against them such as an Advanced Persistent Threat). The results were as follows (note: multiple responses were permitted):1. Hacktivists (defined as groups who use computer hacking as a form of protest or civil disobedience), 46%2. Organized crime, 42% 3. Competitors conducting industrial espionage, 41%4, Nation state, 34% 5. Terrorist organization, 28%6. None of the above, 5% The research was focused on APTs so ESG also segmented survey respondent organizations into three categories: Most prepared for APTs, somewhat prepared for APTs, and poorly prepared for APTs. Those most prepared were also paranoid. For example, 54% the most prepared organizations thought nation states posed the biggest threat as compared with 34% of the total survey population. Clearly, security professionals, those with the most experienced cybersecurity experienced, are very concerned. This data can be added to Director Wilshusen’s expert testimony and hopefully help to educate congressman about the cyber threats our nation faces. Based upon ESG data and years of experience, I believe that cybersecurity legislation should be governed by facts, common sense, and public safety rather than political or financial agendas. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe