Criminal syndicates constitute main source of cyberattack on companies in 2015, survey shows

The most likely sources of cyber attacks on companies in 2015 were criminal syndicates (59%), employees (56%) and hacktivists (54%), according to a survey by accountancy firm EY.

Last year’s results showed 53% felt criminal syndicates were a major threat.

“Cyber criminals can spend months inside organizations, finding information that they will store for a future attack or piecing information together that will get them to the prize they are after, they will also create measures to protect themselves from detection,” authors of the study say. “Sometimes they create diversionary tactics to draw attention away from what they are doing and where they have succeeded. Often the criminals will keep the stolen information and not use it for a while – at other times, they will share it among the cybercriminal community, spreading the direct threats to the company even further.”

State-sponsored attacks rank sixth, cited by 35% of the respondents this year, compared with 27% in 2014.

The top two vulnerabilities in 2015 are careless or unaware employees and outdated information security controls or architecture. In 2014 these vulnerabilities were perceived as high and highest priorities, but companies now feel less vulnerable in these areas. Today, only 44% feel vulnerable in relation to unaware employees, compared with 57% in 2014; only 34% feel vulnerable due to outdated systems, compared with 52% in 2014. Organizations believe they are covering their vulnerabilities more effectively, the study shows.

Some 20% of respondents cannot estimate the total financial damage related to cyber incidents in the last 12 months.

“Cybersecurity is more than a technology issue, and it cannot remain in the IT domain. It also cannot be the responsibility of any one member of the board – it affects every level of a business and every part of the C-suite in different, often subtle and not easily recognized, ways”, according to Ken Allan, EY’s Global Advisory Cybersecurity Leader.

The survey was conducted between June 2015 and September 2015 and included 1,755 respondents from 67 countries across all major industries.