Research: Majority Of Business Leaders Underestimate Risk Of Advanced Cyberthreats
NetWitness Corp. recently announced the results of a research study by the Ponemon Institute on advanced threat prevalence, impact and preparedness. The study demonstrates that a vast majority of enterprises of all sizes regularly fall victim to advanced cyber threats, at the same time, more than half of these organizations recognize their defensive technologies, personnel and budget as "inadequate."
The group of nearly 600 IT and IT security leaders provided insight into a wide variety of issues and concerns surrounding business risk and the security of enterprise technology environments.
"Information security is not a set-it-and-forget-it proposition," said Larry Ponemon, chairman and founder of the Ponemon Institute. "In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag. More than 70 percent of organizations reported that advanced threats are evading traditional security stalwarts such as AV and IDS. The stakes could not be higher since nearly half of the sample group has also experienced the loss of critical business information as a result of a successful attack."
With more than 83 percent believing that their organizations have been recently targeted by advanced threats (41 percent citing they are frequent targets) the need for training security personnel and using new methods for attack detection and remediation is a growing requirement.
Detection of advanced threats is low:
- 46 percent took one month or longer to detect an advanced threat.
- 45 percent discovered the attackers "by accident".
- 47 percent rely on either ad hoc activities or manual analysis to detect advanced threats.
Changes are required across the board:
- 81 percent felt that their leadership lacked awareness of the seriousness of the business risks associated with advanced threats.
- Only 24 percent agreed that prevention or quick detection of advanced threats is a top security priority in their organization.
- Only 32 percent reported that their security-enabling technologies are adequate.
- Only 26 percent reported security personnel are adequate to deal with advanced threats.
"The Ponemon Institute study provides the first true industry insight into the deep concerns of commercial and government organizations in the U.S. regarding advanced threats," said Nick Lantuh, president of NetWitness Corp. "It is clear from these statistics that organizations are experiencing both the frustration and the material losses associated with advanced threats, and are seeking better ways to mitigate these serious risks to their critical business operations. This study validates what we have been hearing regularly over the last several years, and reinforces the urgency for organizations to adopt NetWitness to obtain the clarity and definitive answers required to inform and enable better risk management and business decisions around advanced threats."