Risk of cyber threats seriously underestimated

A new study by the Ponemon Institute demonstrates that a vast majority of enterprises of all sizes regularly fall victim to advanced cyber threats, at the same time, more than half of these organizations recognize their defensive technologies, personnel and budget as “inadequate.”

The group of nearly 600 IT and IT security leaders provided insight into a wide variety of issues and concerns surrounding business risk and the security of enterprise technology environments.

“Information security is not a set-it-and-forget-it proposition,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag. More than 70% of organizations reported that advanced threats are evading traditional security stalwarts such as AV and IDS. The stakes could not be higher since nearly half of the sample group has also experienced the loss of critical business information as a result of a successful attack.”

With more than 83% believing that their organizations have been recently targeted by advanced threats (41% citing they are frequent targets) the need for training security personnel and using new methods for attack detection and remediation is a growing requirement.

Detection of advanced threats is low:

• 46% took one month or longer to detect an advanced threat
• 45% discovered the attackers “by accident”
• 47% rely on either ad hoc activities or manual analysis to detect advanced threats.

Changes are required across the board:

• 81% felt that their leadership lacked awareness of the seriousness of the business risks associated with advanced threats
• Only 24% agreed that prevention or quick detection of advanced threats is a top security priority in their organization
• Only 32% reported that their security-enabling technologies are adequate
• Only 26% reported security personnel are adequate to deal with advanced threats.