Most organizations are unable to resolve a cyber attack
Posted on 14 February 2014.
The lack of incident detection and investigation puts companies and their CISOs' jobs at significant risk, according to a new Ponemon Institute study. In fact, when a CEO and Board of Directors asks a security team for a briefing immediately following an incident, 65% of respondents believe that the briefing would be purposefully modified, filtered or watered down.

Additionally, 78% of respondents believe most CISOs would make a “best effort guess” based on limited information, and they would also take action prematurely and report that the problem had been resolved without this actually being the case.

This disconnect results from several critical shortcomings in the current point solution approach to cybersecurity and incident response (IR), namely:
  • Lack of timely compromise detection: 86% of respondents say detection of a cyber-attack takes too long;
  • Inability of point solutions to prioritize alerts as they come in: 85% say they suffer from a lack of prioritization of incidents;
  • Lack of integration between point solutions: 74% say poor or no integration between security products negatively affects response capabilities; and
  • An overwhelming number of alerts paralyzing IR efforts: 61% say too many alerts from too many point solutions also hinders investigations.
“When a cyber-attack happens, immediate reaction is needed in the minutes that follow, not hours or days,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “It’s readily clear from the survey that IR processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies’ and clients’ time, resources and money are not lost in the immediate aftermath of the event.”

Further, the respondents also shared growing concerns about the inability to find the root cause of a compromise. While 66% of respondents believe determining root cause of prior incidents enables them to strengthen defenses, 38% of respondents say determining the root cause of a compromise could take a year while an alarming 41% believe they would never be able to identify the root-cause of security events with certainty.

Lastly, integrated threat intelligence – a hugely promising approach to arming CISOs with the latest indicators of compromise (IOC) information and ability to confirm threats – appears to be largely unusable by current security products, with a full 59% of respondents saying they are not able to efficiently and effectively use threat intelligence with their existing security products.

Additional key findings revealed that current security products make it difficult to import multiple threat intelligence feeds or quickly investigate mobile devices:
  • 40% say none of their security products support imported threat intelligence from other sources
  • 86% rate the investigation of mobile devices as difficult
  • 54% say they are not able to or unsure of how to locate sensitive data such as trade secrets and personally identifiable information (PII) on mobile devices.
The report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations, sponsored by AccessData, surveyed 1,083 CISOs and security technicians in the United States and EMEA about how their company handles the immediate aftermath of a cyber-attack and what would help their teams more successfully detect and remediate these events.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //