A vast majority of enterprises of all sizes regularly fall victim to advanced cyber threats, at the same time, more than half of these organizations recognize their defensive technologies, personnel and budget as "inadequate," says a report by the Ponemon Institute.
"Information security is not a set-it-and-forget-it proposition," said Larry Ponemon, chairman and founder of the Ponemon Institute. "In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag. More than 70 percent of organizations reported that advanced threats are evading traditional security stalwarts such as AV and IDS. The stakes could not be higher since nearly half of the sample group has also experienced the loss of critical business information as a result of a successful attack."
With more than 83 percent believing that their organizations have been recently targeted by advanced threats (41 percent citing they are frequent targets) the need for training security personnel and using new methods for attack detection and remediation is a growing requirement, the report says.
Other results include:
- 46 percent took one month or longer to detect an advanced threat 45 percent discovered the attackers "by accident"
- 47 percent rely on either ad hoc activities or manual analysis to detect advanced threats
- 81 percent felt that their leadership lacked awareness of the seriousness of the business risks associated with advanced threats
- Only 24 percent agreed that prevention or quick detection of advanced threats is a top security priority in their organization
- Only 32 percent reported that their security-enabling technologies are adequate
- Only 26 percent reported security personnel are adequate to deal with advanced threats.