Study: Companies Unsure How to Respond to Security Attack

Sue Marquette Poremba
Slide Show

Top Five Vulnerabilities Attackers Use Against Browsers

A new study from Ponemon and AccessData reveals a disturbing trend in cybersecurity. When hit with some sort of cybersecurity attack, most companies have no idea how to respond or resolve the crisis.

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations” (registration required to download) surveyed 1,083 CISOs and security technicians to find out how they deal with a data security event. The survey also wanted to know what these security professionals need to better detect such security problems, as well as what tools are needed to remediate problems after an attack.

The results were disheartening. Cyber attacks aren’t a new phenomenon, nor should they be unexpected. Yet, according to the survey responses, 86 percent of respondents say detection of a cyber attack takes too long and 85 percent say they suffer from a lack of prioritization of incidents. One statistic that I found to be interesting: Having too many alerts to an attack hurts rather than helps. According to the report, 61 percent say multiple alerts from many point solutions can hinder investigations and incident response (IR).

Add to that the fact that 35 percent of attacks never get detected and another 41 percent who say they may never know what caused an attack, and you’ve uncovered a serious cybersecurity problem. Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement:

When a cyberattack happens, immediate reaction is needed in the minutes that follow, not hours or days. It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.

It doesn’t help that CISOs aren’t being totally honest with other company executives. One of the questions posed to the CISOs interviewed was “What do you tell the CEO and board about the cyberattack?” More often than not, the response was not telling the truth about what was going on. As a FierceITSecurity article put it:

Two-thirds of respondents admitted that their chief information security officer would probably water down the cyberattack report due to fear of the reaction from the CEO and board.

Craig Carpenter, chief cybersecurity strategist at AccessData, added in a statement:

Today, companies focus primarily on the protective aspect of their information security. CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face.

Ponemon also stated that good security is seeing what is happening and then being able to do something about it. What this survey shows is that neither of these things is happening, and if we want to avoid more fallout like the Target breach, something needs to improve.

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Feb 19, 2014 2:49 PM Bob Hobson Bob Hobson  says:
One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.