// archives


This tag is associated with 1 posts

Cyberattacks on the rise – or is it higher detection?

While I try to talk not only about US related topics I would like to draw today’s attention to the Fiscal Year 2010 Report to Congress on the Implementation of The Federal Information Security Management Act of 2002 by the Office of Management and Budget (yes I know – sounds exciting). The interesting aspect is that their findings show that U.S. federal agencies had a 39% higher cyber incident affection in 2010 than the previous year. This certainly is a steep increase and something to look at closely. If we look at the attack vectors the use of malicious code (e.g. phishing virus etc) continues to be the most widely used attach approach (30.8%). On the defense side,  66% of IT assets are being managed with an automated asset management capability and 51% have an automated vulnerability management capability.

While the increase is in my view certainly also the effect of an increase in cybercrime, some experts say that it is – at least partly – the effect of a more mature detection capability. We are often behind the attackers in our defensive means and this then leads to the question on how high the level of cyberattacks really are. How much do we detect? How much is reported? Any thoughts?

I appreciate the openness of the reporting by the U.S. white house and can only encourage other nations to do the same. What we need for this though is a cybersecurity law or something similar as a basis. This in turn can then serve as the framework for cooperation and coordination and increase efficiency in detecting and responding to attacks. A first step in knowing what the threat really is and the basis for a better response.

About the Author

Reto is partner at PwC Switzerland. He is leading the Cybersecurity practice and is member of PwC Digital Services leadership Team. He has over 15 years work experience in an information security and risk focused IT environment. Prior to working at PwC he was Microsoft's Chief Security Officer for Western Europe and also has work experience as group CIO, Chief Risk Officer, Technical Director and Program Manager.

more about me and contact info

replica Rolex