A new study from Ponemon and AccessData reveals a disturbing trend in cybersecurity. When hit with some sort of cybersecurity attack, most companies have no idea how to respond or resolve the crisis.
“Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations” (registration required to download) surveyed 1,083 CISOs and security technicians to find out how they deal with a data security event. The survey also wanted to know what these security professionals need to better detect such security problems, as well as what tools are needed to remediate problems after an attack.
The results were disheartening. Cyber attacks aren’t a new phenomenon, nor should they be unexpected. Yet, according to the survey responses, 86 percent of respondents say detection of a cyber attack takes too long and 85 percent say they suffer from a lack of prioritization of incidents. One statistic that I found to be interesting: Having too many alerts to an attack hurts rather than helps. According to the report, 61 percent say multiple alerts from many point solutions can hinder investigations and incident response (IR).
Add to that the fact that 35 percent of attacks never get detected and that another 41 percent say they may never know what caused an attack, and you’ve uncovered a serious cybersecurity problem. Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement:
“When a cyberattack happens, immediate reaction is needed in the minutes that follow, not hours or days. It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.”
It doesn’t help that CISOs aren’t being totally honest with other company executives. One of the questions posed to the CISOs interviewed was “What do you tell the CEO and board about the cyberattack?” More often than not, the response amounted to not telling the truth about what was going on. As a FierceITSecurity article put it:
“Two-thirds of respondents admitted that their chief information security officer would probably water down the cyberattack report due to fear of the reaction from the CEO and board.”
Craig Carpenter, chief cybersecurity strategist at AccessData, added in a statement:
“Today, companies focus primarily on the protective aspect of their information security. CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face.”
Ponemon also stated that good security is seeing what is happening and then being able to do something about it. What this survey shows is that neither of these things is happening, and if we want to avoid more fallout like the Target breach, something needs to improve.