Analytics
1/21/2014
10:27 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Lancope And Ponemon Institute Study: CEOs In The Dark About Cyberattacks

Results also indicate that many organizations are ill-prepared to fend off today’s advanced threats

Atlanta, January 21, 2014 – Lancope, Inc., a leader in network visibility and security intelligence, today announced the results of a Ponemon Institute report entitled, "Cyber Security Incident Response: Are we as prepared as we think?" Findings show that while security threats are imminent, CEOs and other members of the management team are in the dark about potential cyber-attacks against their companies. The research also shows that, as a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing today's organizations.

Commissioned by Lancope, the Ponemon Institute research surveyed 674 IT and IT security professionals in the United States and the United Kingdom who are involved in their organization's CSIRT activities. The study concludes with key recommendations for organizations looking to improve their incident response process.

Key findings from the study include:

- Security incidents are imminent– Sixty-eight percent of respondents say their organization experienced a security breach or incident in the past 24 months. Forty-six percent say another incident is imminent and could happen within the next six months.

- Management is largely unaware of cyber security threats – Eighty percent of respondents reported that they don't frequently communicate with executive management about potential cyber-attacks against their organization.

- Organizations are not measuring the effectiveness of their incident response efforts – Fifty percent of respondents do not have meaningful operational metrics to measure the overall effectiveness of incident response.

- Breaches remain unresolved for an entire month – While most organizations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.

- CSIRTs lack adequate investments– Half of all respondents say that less than 10% of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.

- Network audit trails are the most effective tool for incident response – Eighty percent of respondents say that analysis of audit trails from sources like NetFlow and packet captures is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.

"The findings of our research suggest that companies are not always making the right investments in incident response," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "As a result, they may not be as prepared as they should be to respond to security incidents. One recommendation is for organizations to elevate the importance of incident response and make it a critical component of their overall business strategy."

"If 2013 is any indication, today's enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation-states, malicious outsiders and determined insiders," said Mike Potts, president and CEO of Lancope. "Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis."

Results to be presented at RSA Conference 2014 and via webinar

Dr. Larry Ponemon will join Lancope, The Coca-Cola Company, General Motors and Viewpost executives in an RSA Conference 2014 panel discussionto explore the results of the study and share insights on how to build a great CSIRT with the executive support and respect it needs. The panel, "Why Cyber Incident Response Teams Get No Respect," will take place on Wednesday, February 26, at 9:20 a.m. U.S. Pacific time in Room 3009at the Moscone Center in San Francisco.

The results will also be presented via a free webinar on January 29, 2014 at 8:00 a.m. U.S. Pacific time. Participants can join Dr. Ponemon and Lancope's director of security research, Tom Cross, to hear about the key mistakes organizations are making when it comes to incident response, and how the right mix of people, processes and technology can dramatically improve incident response efforts. Those interested can register at: http://www.lancope.com/company-overview/webinar/ponemon-cyber-security-incident-response/.

Further Information

For media inquiries related to the Ponemon Institute incident response study, or to schedule briefings with Lancope and Dr. Larry Ponemon at RSA Conference 2014, please contact Lesley Sullivan or Kendra Dorr at Lancope@schwartzmsl.com. For a full copy of the study, "Cyber Security Incident Response: Are we as prepared as we think?" please visit: http://www.lancope.com/ponemon-incident-response/.

About the Ponemon Institute

The Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit http://www.ponemon.org.

About Lancope

Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today's top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope's StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope's security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.

Kendra Dorr

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.