InformationWeek: A new survey of 1,900 IT and information security personnel by endpoint security firm Bit9 finds a disparity between the types of attacks staffers expect and the types of attacks they are spending to prevent. A majority of those surveyed (61 percent) said that the groups most likely to attack their companies in the next six months were hacktivists, like those from Anonymous and LulzSec. However, they aren’t spending a lot of money on tools to combat the SQL injection hacks or distributed denial-of-service (DDoS) attacks favored by hacktivists. Instead, companies are spending more money to combat malware (45 percent) and spear phishing (16 percent), attack vectors common with advanced persistent threats, such as corporate or state-sponsored espionage.
“The difference is, if you’re attacked by a hacktivist organization, you might see your data posted immediately to the Web,” said Bit9’s Harry Sverdlove. “If you’re attacked by a criminal enterprise, you might start seeing a trickle of compromised accounts after a few months. If you’re attacked by a nation state, you might never find out about that.”