How Does Your Company View Cybersecurity?

Sue Marquette Poremba

Do you think that cybersecurity is something that only big companies have to worry about or have the budget to handle?

Perhaps those large companies aren’t as prepared as you think. According to a new survey conducted by CounterTack, a provider of in-progress cyber attack intelligence and response solutions, most organizations are ill-prepared to detect and stop advanced, targeted attacks.

For its survey, “Cyber-readiness Reality Check,” CounterTack spoke to 100 information security executives at enterprise organizations with revenues greater than $100 million and found that nearly half of survey respondents indicated their organizations have been attacked within the past 12 months. One-third of those attacked lack confidence in their organizations’ readiness to defend against further aggression.

According to a release on the survey, 84 percent of information security executives believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets, and 44 percent of respondents admitted a lack of time and resources when it comes to dealing with such threats.

In the survey’s executive summary, Richard Stiennon, chief research analyst at IT-Harvest, and author of “Surviving Cyberwar and Cyber Defense: Countering Targeted Attacks,” made the following statement regarding that 84 percent figure:

84 percent of respondents acknowledge they have some degree of vulnerability to Advanced Persistent Threats (APT). This is low in my experience. I would say that less than 1 percent of organizations have adequate defenses in place against APTs and those are of the most secure types: intelligence agencies and defense contractors with air-gapped secret networks, for example. If organizations truly understood the sophistication of APT-style attacks, this survey response would be closer to 100 percent.

These are large companies with significant income and, yet, they don’t feel prepared to take on a cyber attack? Is it because security is still pushed down the ladder rungs when it comes to overall IT needs? I encourage people to read the report as the findings are quite disturbing. For example, 34 percent of the organizations lack confidence in being able to spot an exploited communications session, and one in five don’t think they’d be able to tell if a hacker modified a file.

Where do you think your company’s security efforts lie with regard to this survey? Do you think SMBs might do a better job at providing security? I’d be curious to find out how IT professionals view their security efforts.

The professionals surveyed gave themselves a “C” for their security efforts. In today’s world, anything less than an “A” should be unacceptable. 

Aug 14, 2012 5:21 AM @sanderiam says:
Facts like this will, I hope, persuade more people to take this stuff seriously. I agree with you that the 84% people report here feels low. If you compare it with the Verizon breach report's stat that "97% of breaches were avoidable through simple or intermediate controls" it seems like after the fact that 12-15% who don't think they are vulnerable see they are (link to Verizon report: One vector that I feel never gets enough attention in the APT talk is privilege account management. Almost every one of the APT attacks involves some account compromise and eventually touches on admin rights. So it seems like a natural fit. Randy Franklin Smith and I just did a webinar last week on that topic, in fact:
