Edward Snowden leaks still haunt business cyber security

It's no surprise that companies altered their security practices in light of the uproar over Edward Snowden and the NSA. According to ThreatTrack Security's recent study of IT and security managers employed by US defence contractors, the aftermath of the data breaches has changed companies' cybersecurity practices and policies in more ways than one.

The big findings

ThreatTrack Security revealed some notable discoveries in its survey. Over fifty per cent of the respondents claimed that their employees now receive more cybersecurity awareness training and that their companies have reviewed or re-evaluated employee access privileges.

Forty-seven per cent are on higher alert for abnormal network activity by employees and 41 per cent have implemented stricter hiring practices. Interestingly, 39 per cent of the respondents claim their own IT administrative rights have been restricted.

The survey additionally looked at whether data breaches are being reported, the most difficult aspects of cyber defence, and whether senior leaders' risky online behaviour is the cause of malware infections. The report also tackled whether the government is providing proper guidance and support for cyber defence, and whether contractors are worried that their organisation is vulnerable to more sophisticated cyber threats.

IT Getting The Support They Need?

Most respondents stated they trust the government's guidance on how to protect sensitive data and nearly 90 per cent felt that they receive what they need to support that protection. Contrarily, 62 per cent are still concerned that their organisation is vulnerable to advanced persistent threats (APTs), targeted malware attacks, and more sophisticated cyber-espionage tactics. Defending against advanced malware is difficult because of the volume and complexity of the malware attacks.

A common complaint among the respondents was the shortage of malware analysts on staff. One reason for this is that, while IT security staff routinely check new malware sample analyses, they also have to clean malware off their executives' devices, viruses that come from pornographic sites or malicious links in phishing emails.

While the study is certainly food for thought, the findings come from a fairly small sample. The survey included only one hundred IT/security managers or staff members who work in defence contractor organisations that handle data for the US government. The effects of Snowden's actions are likely to continue to influence cybersecurity awareness and practices.