Report: Execs Still Lack Security Understanding

Tuesday, January 21, 2014 @ 03:01 PM gHale

Most everyone understands the security threat that is out there. However, leaders in the executive suite are in the dark about potential cyber attacks against their companies, according to a new study.

As a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today’s organizations, said a Ponemon Institute report entitled, “Cyber Security Incident Response: Are we as prepared as we think?”

Commissioned by Lancope, the Ponemon Institute research surveyed 674 IT and IT security professionals in the United States and the United Kingdom who are involved in their organization’s CSIRT activities.

“If 2013 is any indication, today’s enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation states, malicious outsiders and determined insiders,” said Mike Potts, president and chief executive of Lancope.

“Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis.”

The study offers key recommendations for organizations looking to improve incident response:

Security incidents are imminent – 68 percent of respondents said their organization experienced a security breach or incident in the past 24 months. 46 percent said another incident is imminent and could happen within the next six months.

Management is largely unaware of cyber security threats – 80 percent of respondents reported they don’t frequently communicate with executive management about potential cyber-attacks against their organization.

Organizations are not measuring the effectiveness of their incident response efforts – 50 percent of respondents do not have meaningful operational metrics to measure the overall effectiveness of incident response.

Breaches remain unresolved for an entire month – While most organizations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.

CSIRTs lack adequate investments – Half of all respondents said less than 10 percent of their security budgets are used for incident response activities, and most said their incident response budgets have not increased in the past 24 months.

Network audit trails are the most effective tool for incident response – 80 percent of respondents said analysis of audit trails from sources like NetFlow and packet capture is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.
