A new report finds that American businesses and institutions are failing to meet the cybersecurity threat posed by hackers at home and abroad.
"One thing is very clear: The cybersecurity programs of U.S. organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries," finds the 2014 U.S. State of Cybercrime Survey. "Today, common criminals, organized crime rings, and nation-states leverage sophisticated techniques to launch attacks that are highly targeted and very difficult to detect."
Syria, Iran and Russia are cited as a "a particularly pernicious threat."
The authors of the report—PricewaterhouseCoopers, the CERT division of software engineering at Carnegie Mellon, CSO magazine, and the U.S. Secret Service—say their findings are based on a survey of more than 500 U.S. business executives, law enforcement services and government agencies, as well as previous research and recommendations provided by the National Institute of Standards and Technology.
The report lays out the mounting threat to infrastructure systems like gas pipelines and the electrical grid as well as the disproportionately high financial costs of cybercrime in America compared to the rest of the world's organizations.
The report advises companies to invest in protecting the "crown jewels" of a company, such as customers' financial information for a retailer and trade secrets for a pharmaceutical company. Several large companies, including Target and eBay, have recently admitted being infiltrated by hackers. In Target's case, an estimated 40 million customers had credit and debit card data stolen.