Do you think that cybersecurity is something that only big companies have to worry about or have the budget to handle?
Perhaps those large companies aren’t as prepared as you think. According to a new survey conducted by CounterTack, a provider of in-progress cyber attack intelligence and response solutions, most organizations are ill-prepared to detect and stop advanced, targeted attacks.
For its survey, “Cyber-readiness Reality Check,” CounterTack spoke to 100 information security executives at enterprise organizations with revenues greater than $100 million and found that nearly half of survey respondents indicated their organizations have been attacked within the past 12 months. One-third of those attacked lack confidence in their organizations’ readiness to defend against further aggression.
According to a release on the survey, 84 percent of information security executives believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets, and 44 percent of respondents admitted a lack of time and resources when it comes to dealing with such threats.
In the survey’s executive summary, Richard Stiennon, chief research analyst at IT-Harvest, and author of “Surviving Cyberwar and Cyber Defense: Countering Targeted Attacks,” made the following statement in regards to that 84 percent figure:
84 percent of respondents acknowledge they have some degree of vulnerability to Advanced Persistent Threats (APT). This is low in my experience. I would say that less than 1 percent of organizations have adequate defenses in place against APTs and those are of the most secure types: intelligence agencies and defense contractors with air-gapped secret networks, for example. If organizations truly understood the sophistication of APT-style attacks, this survey response would be closer to 100 percent.
These are large companies with significant income and, yet, they don’t feel prepared to take on a cyber attack? Is it because security is still pushed down the ladder rungs when it comes to overall IT needs? I encourage people to read the report as the findings are quite disturbing. For example, 34 percent of the organizations lack confidence in being able to spot an exploited communications session, and one in five don’t think they’d be able to tell if a hacker modified a file.
Where do you think your company’s security efforts lie in regards to this survey? Do you think SMBs might do a better job at providing security? I’d be curious to find out how IT professionals view their security efforts.
The professionals surveyed gave themselves a “C” for their security efforts. In today’s world, anything less than an “A” should be unacceptable.