More “Cs” than “As” on industry report card, as majority of organizations still rely on outmoded security arsenals to combat targeted attacks
WALTHAM, Mass. (August 13, 2012) – CounterTack, the industry’s first and only provider of in-progress cyber attack intelligence and response solutions, today revealed findings of an independently commissioned study, which shows organizations are ill-prepared to detect and stop advanced, targeted attacks. One hundred information security executives at enterprise organizations with revenues greater than $100 million were surveyed in the company’s "Cyber-readiness Reality Check.”
Almost half of survey respondents indicated their organizations have been attacked within the past 12 months and one-third of those attacked lack confidence in their organizations’ readiness to defend against further aggression. Eighty-four percent of information security executives believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets and 44 percent of respondents admitted a lack of time and resources when it comes to dealing with such threats.
“This survey corroborates the anecdotal evidence many of us in the industry are exposed to, which paints a chillingly accurate picture of a growing chasm between executive awareness about the nature of rapidly evolving threats and the available resources to address them,” said Richard Stiennon, chief research analyst, IT-Harvest. “While the willingness of information security executives to explore new ways of dealing with targeted advanced threats in the coming months is an encouraging finding, it’s also evident that economic constraints and outmoded thinking will remain stumbling blocks.”
Four out of five surveyed cyber security executives believe that enterprise could benefit from adopting a military-style approach to security learned from physical battlefields– such as situational awareness and intelligence gathering. However, only 21 percent credited themselves with currently taking a “warrior” stance to cyber defense, using intelligence and real-time situational awareness tactics learned from the military, compared to 58 percent who indicated taking more of a “protector” role when it comes to defending organizational assets.
“The new cyber landscape calls for organizations to recognize that advanced, targeted attacks have moved inside the virtual walls of their networks and that a more anticipatory posture in the face of eventual attacks is required,” said Neal Creighton, CEO at CounterTack. “This CounterTack study clearly shows that the adoption of an active, agile approach based on real-time situational awareness and intelligence will be critical to effectively stopping in-progress cyber attacks.”
Despite the willingness of some security executives to explore new solutions (e.g., 18 percent indicated plans to purchase new cyber intelligence technologies), static, perimeter-centric tools such as firewalls remain the most relied upon security products and nearly one-third of security teams spend more than fifty hours per month studying existing malware permutations to prevent future attacks.
Thirty-six percent of respondents indicated that if an attacker got inside their perimeter defenses and into their networks, they would not be able to see or stop the attack. When asked to grade themselves at discovering in-progress attacks quickly enough to mitigate damage and prevent catastrophic loss, respondents were more likely to give themselves a letter-grade of “C” versus “A.”
To download the entire report and infographic, please visit www.countertack.com/report.
CounterTack's "Cyber-readiness Reality Check" report summarizes a survey conducted online within the United States between June 13 to June 20, 2012 by ResearchNow on behalf of CounterTack. Respondents included 100 information security executives at U.S. enterprise organizations, all with revenues greater than $100 million, spanning a number of industries including aerospace & automotive, energy, financial services, government, healthcare, high technology, manufacturing and retail. Three-quarters of respondents were C-level executives — CISOs or CSOs — and the remaining quarter filled senior-level security roles within their organizations, including IT security engineers, information assurance analysts, security systems administrators, senior IT security consultants or security architects.
CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need for enterprise and government organizations to approach security in a completely different way – combating advanced persistent threats with a new line of defense. Each year, more than $32 billion is spent worldwide on security technologies, yet motivated cyber attackers are still finding ways to penetrate the most sophisticated, layered defenses. CounterTack solves this problem by offering the fastest detection and deepest attack intelligence available, enabling customers to actively engage with the attacker and take control over the impact of the attack – even while it’s happening.
Founded as NeuralIQ, the company re-launched as CounterTack in 2011, building upon the vision and innovation of NeuralIQ. Based in Waltham, Mass., the privately held company is backed by Fairhaven Capital and a group of private investors.