Security Breach Fantasy Land

Friday, June 14, 2013 @ 02:06 PM gHale


When it comes to large organizations, they either have quality security programs or they are living in a dream world.

That is because 66 percent of them said they either had not experienced a security incident in the last 12-18 months or were unsure if they had, according to network security provider Lancope’s survey.

RELATED STORIES
Botnet Hurt, so are Researchers
P2P Botnets Keep Growing
Global Cybercrime Botnet Breached
Reworked Trojans a Major Threat

If these companies live anywhere close to reality, it is unlikely none of these organizations experienced incidents during that time frame.

“Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter,” said Tom Cross, Lancope’s director of security research. “I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes – and this is a significant problem.”

With the constant barrage of external scanning, phishing attacks and malware served up by websites, not to mention sophisticated, targeted attacks and insider threats, large companies face a constant security challenge.

“Any organization needs to know whether or not they’ve been subject to a security breach, and if companies believe they have not, the question may be are they really aware of everything that is happening on their networks?” Cross said.

The respondents said the most common incidents they were aware of were malware (18 percent) and distributed denial of services (DDoS) at 16 percent, with insider attacks coming in at 12 percent.

“DDoS will break your infrastructure, which hopefully an organization would know about pretty quickly,” Cross said. “Similarly, malware is relatively easy to detect as your antivirus software will often find it on your network. Insider attacks are much less common in terms of total incident count compared to those launched by outsiders, but, on rare occasions, they can result in millions of dollars in losses.”

While 25 percent of respondents said reputational damage was the worst impact a security incident had on their organization, 21 percent said they had suffered a financial loss and 13 percent had lost intellectual property.

An interesting side note saw 38 percent said they saw no impact at all. Any security incident has some sort of impact on a company, be it having to clean up an infection or address whatever security issues led to it in the first place.

It is possible to contain the cost of an incident if an organization has a good incident management program in place and can quickly identify which systems suffered a compromise. The average cost to a large organization for its worst security breach in 2013 was $706,000 to $1.3 million.

With businesses constantly allowing new technology within their enterprise, as well as enabling it to be functional and somehow fit it into existing infrastructure, it’s not surprising that over 50 percent of companies felt mobile devices/BYOD were the greatest security risk to their company.

There’s a real need to monitor these devices properly, understand their behavior and detect any type of infection. With better visibility into activity on the internal network, it is possible to identify infected devices, understand what they are doing in the environment and obtain an audit trail of network and host activity without having to install software agents on the devices themselves.

The risk of insider threats (32 percent) is also a worry to large organizations, as is a lack of network visibility (28 percent). Most organizations have strong perimeter defenses, designed to protect their networks against external attackers, but insufficient information to see what is happening within their network.

By collecting audit trails of activity occurring within the internal network, organizations can gain a sense of control as to what is happening within their environment, enabling them to investigate potential insider incidents and be confident they have effectively mitigated any risk. Other risks organizations worry about are advanced persistent threats (18 percent) and poor change management or operational controls (21 percent).



Leave a Reply

You must be logged in to post a comment.