We recently commissioned a study of information security executives to gauge the state of cyber-readiness inside the enterprise. Today, we’re unveiling the complete study findings, along with corresponding in-depth analysis by Richard Stiennon, chief research analyst of IT-Harvest.
Here’s a brief look at some of the study highlights, along with an infographic illustrating key data:
-Almost half of survey respondents (49%) indicated their organizations have been attacked within the past 12 months. This number actually seemed very low to us, and reveals that when it comes to advanced, targeted attacks, many organizations still just don’t get it. Given the nature of today’s sophisticated attacks, it’s nearly impossible to give a “no” answer to this question. Either you know you have already been targeted and attacked, or you’re unsure.
-A vast majority (84 percent) of information security executives believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets. That’s probably a healthy perspective. But given the large majority rated themselves as "slightly vulnerable," one has to wonder how they rationalize the number of high profile, damaging attacks happening out there each day, and not believe they too are vulnerable to the same types of attacks.
-Respondents were more likely to give themselves a letter-grade of “C” versus an “A” when it comes to discovering in-progress cyber attacks quickly enough to mitigate damage and prevent catastrophic loss.
-Thirty-six percent of respondents indicated that if an attacker got inside their perimeter defenses and into their networks, they would not be able to see or stop the attack.
-Nearly half of respondents (44 percent) believe they need a better-educated security team. This reflects a major shift taking place in the market. Security staffs are no longer focused on configuring firewalls and routers – rather, they are required to understand the intricate interworkings of their networks and end-points, as well as how sophisticated attackers are exploiting these resources.
-Despite the willingness of some security executives to explore new solutions (for example, 18 percent indicated plans to purchase new cyber intelligence technologies), static, perimeter-centric tools such as firewalls remain the most relied upon security products and nearly one-third of security teams spend more than fifty hours per month studying existing malware permutations to prevent future attacks.
-Four out of five surveyed cyber security executives believe that enterprise could benefit from adopting a military-style approach to security learned from physical battlefields, such as situational awareness and intelligence gathering. Military commanders put heavy emphasis on real-time intelligence and situational awareness so they know exactly what is happening, as it happens – enabling them to make necessary adjustments to their plans on-the-fly. Likewise, to effectively defend their organizations, IT security executives must become “cyber warriors,” who are agile, adaptive, anticipatory, proactive, well-trained and well-equipped.
We invite you to download the free "Cyber-readiness Reality Check” report here.