Anonymous the Biggest Security Worry in IT, Bit9 Survey Says

However, respondents say the biggest risks are in attacks from cyber-criminals or nation-states, like Russia and China, the company found.

The hacker group Anonymous seems to be getting into the heads of IT professionals, according to a new survey by security software vendor Bit9.

The "Bit9 2012 Cyber-Security Survey," released April 23, found that while 61 percent of the 1,861 IT enterprise security professionals who responded believe Anonymous or similar €œhacktivist€ groups were most likely to attack, most say the greatest danger may lie elsewhere.

€œThe survey results put a spotlight on an interesting contradiction: On the surface, people are most afraid of embarrassing, highly publicized attacks from hacktivist organizations like Anonymous, but they recognize that the more serious threats come from criminal organizations and nation-states,€ Bit9 CTO Harry Sverdlove said in a statement. €œBit9€™s survey highlights how the quickly changing cyber-criminal landscape is impacting IT professionals worldwide and illustrates what strategies organizations are implementing to protect their core data and intellectual property from cyber-security threats.€

Following Anonymous and similar hacktivist groups on the list of attackers most likely to target companies were cyber-criminals, at 55 percent, and nation-states€”in particular China and Russia€”at 48 percent, Bit9 found.

However, 62 percent of the respondents said they were most concerned about targeted attack techniques€”in particular, malware at 45 percent, and spear-phishing at 17 percent€”which are more commonly used by cyber-criminals and state-sponsored attacks. Hacktivist groups like Anonymous tend to use distributed denial-of-service (DDoS) attacks€”11 percent were most worried about those kinds of attacks€”or SQL injection, which came in at 4 percent.

Anonymous is a loosely organized collective of hackers that tends to have a social message behind their attacks rather than a financial motive. The hackers, which over the past year have targeted various government agencies and businesses worldwide, have been fairly active in the first four months of this year. The group has attacked security agencies that were believed to have helped authorities track down members of Anonymous or a similar group, LulzSec.

In addition, in recent weeks, an Anonymous chapter in China has attacked the Websites of government agencies and businesses in that country, while government Websites in England were attacked to protest that country€™s extradition agreement with the United States.

Most recently, members of Anonymous took credit for attacks on U.S.-based telecommunications trade groups€”TechAmerica and USTelecom€”which both have thrown their support behind the controversial Cyber-Intelligence Sharing and Protection Act (CISPA), a bipartisan bill designed to better enable U.S. government agencies and businesses to voluntarily share information about cyber-attacks.

In other findings from the Bit9 survey, 77 percent of respondents said that companies and employees are best-positioned to improve security. About 58 percent said companies that implement best practices and better security policies are the best defense against cyber-attacks, while 19 percent said individual employees play a key role. Seven percent of respondents said government laws and regulations are the best way to improve security.

IT professionals also don€™t seem to have a lot of confidence in their endpoints. According to the Bit9 survey, only 26 percent said the security of their endpoints, desktops and laptops is effective. In addition, 95 percent of the respondents said cyber-security breaches should be disclosed to customers and the public alike.