Lack of Confidence in Handling a Breach

Wednesday, February 19, 2014 @ 04:02 PM gHale


Security is all about keeping systems up and running while slowing down any potential attack so security professionals can find it and then eradicate it. Pretty simple, right?

One problem is security professionals are not confident in their ability to quickly detect and find the source of a breach, and many fear they will fumble their incidence response efforts, a new study found.

RELATED STORIES
Internal Security Breaches Biggest Threat
Report: Execs Still Lack Security Understanding
Senior Mgt Biggest Security Violators
SMBs Not Really Security Aware – Yet

Security professionals remain worried they would not know the root cause of a breach, or that they would be able to prioritize their responses, according to survey conducted by the Ponemon Institute and sponsored by security company AccessData.

“When a CEO and board of directors asks a security team for a briefing immediately following an incident, 65 percent of respondents believe that the briefing would be purposefully modified, filtered or watered down” because of a lack of information, the study said.

“Additionally, 78 percent of respondents believe most CISOs would make a ‘best effort guess’ based on limited information, and they would also take action prematurely and report that the problem had been resolved without this actually being the case.”

“One of the things I found interesting was that so many of the respondents felt they would have to ‘fudge’ their reports to the CEO,” said Larry Ponemon, founder and director of the Ponemon Institute. “They’re not confident at all in their data.”

Eighty-six percent of respondents said detection of a cyber attack takes too long in their organizations. Eighty-five percent said they are unable to properly prioritize alerts and incidents as they occur. Seventy-four percent said there is poor or no integration between their security point products, which makes it hard for them to respond effectively to new incidents.

“They’re getting alerts from their SIEM [security incident and event management] tools, from FireEye [malware analysis tools], and from Palo Alto Networks [next-generation firewalls], and they have no way to figure out which alerts to prioritize and which ones they should really care about,” said Craig Carpenter, chief cybersecurity strategist at AccessData.

Forty percent of respondents said none of their security products allows the import of threat intelligence data from other sources, the study said. Fifty-four percent said they are not able to or unsure of how to locate sensitive data, such as trade secrets and personally identifiable information (PII), on mobile devices.

“What this data tells us is that security pros are absolutely missing things when they’re analyzing threats and doing incident response,” Carpenter said. “They can’t get the evidence they need to identify the source of the attack.”

Click here to register for the report.



Leave a Reply

You must be logged in to post a comment.