Large orgs in denial about own security breaches?

Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had, a recent Lancope survey has revealed.

But Tom Cross, Lancope’s director of security research, says that it’s very unlikely that none of these organizations experienced incidents during that time frame: “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter. I would assert that if you’re unsure whether or not your organization has had a security incident, the chances are very high that the answer is yes – and this is a significant problem.”

With the constant barrage of external scanning, phishing attacks and malware being served up by websites, not to mention sophisticated, targeted attacks and insider threats, large companies face a constant security challenge. “Any organization needs to know whether or not they’ve been subject to a security breach, and if companies believe they have not, the question may be are they really aware of everything that is happening on their networks?” Cross adds.

The respondents indicated that the most common incidents they were aware of were malware (18%) and DDoS (16%), with insider attacks coming in at 12%. “DDoS will break your infrastructure, which hopefully an organization would know about pretty quickly. Similarly, malware is relatively easy to detect as your antivirus software will often find it on your network. Insider attacks are much less common in terms of total incident count compared to those launched by outsiders, but, on rare occasions, they can result in millions of dollars in losses.” Cross explains.

While 25% of respondents said that reputational damage was the worst impact that a security incident had on their organization, 21% said they had suffered a financial loss and 13% had lost intellectual property. Interestingly, 38% of people said that they had seen no impact at all. Any security incident has some sort of impact on a company, be it having to clean up an infection or address whatever security issues led to it in the first place. Cost will hopefully be contained if an organization has a good incident management program in place and can quickly identify which systems have been compromised. The average cost to a large organization for its worst security breach in 2013 was £450,000 to £850,000.

With businesses constantly being pressured into allowing new technology within their enterprise, as well as enabling it to be functional and somehow fit it into the mould of existing infrastructure, it’s unsurprising that over 50% of companies felt that mobile devices/BYOD were the greatest security risk to their company. There’s a real need to be able to monitor these devices properly, understand their behavior and detect if they have been infected. However it is hard to install software on end points and enforce policy. One way to address this problem is to look at it these devices from the network side. With better visibility into activity on the internal network, it is possible to identify infected devices, understand what they are doing in the environment and obtain an audit trail of network and host activity without having to install software agents on the devices themselves.

At 32%, the risk of insider threats is also a worry to large organizations, as is a lack of network visibility (28%). Most organizations have strong perimeter defenses, designed to protect their networks against external attackers, but insufficient information to see what is happening within their network. By collecting audit trails of activity occurring within the internal network, organizations can gain a sense of control as to what is happening within their environment, enabling them to investigate potential insider incidents and be confident that they have effectively mitigated any risk. Other risks organizations were worried about were APTs (18%) and poor change management or operational controls (21%).