Cyber-Attacks: A Failure to Detect, Investigate

 
 
By Karen A. Frenkel  |  Posted 03-27-2014

  • Current Point Solution Approach to Cyber-Security Is Flawed

    86% of respondents say it takes too long to detect a cyber-attack.
  • Alerts Are Not Prioritized

    85% say they suffer from the inability to prioritize alerts as they arrive.
  • Point Solutions Are Not Integrated Well

    74% say poor or no integration between security products hinders their response capabilities.
  • Many Alerts Paralyze Incident Response Efforts

    Too many alerts from too many point solutions hinder investigations, according to 61% of respondents.
  • Root Causes Remain Mysterious

    66% of respondents say determining the root cause of prior incidents helps them strengthen defenses, but 38% say finding the root cause could take a year.
  • Two-Fifths of CISOs Resigned to Unknown Causes of Attacks

    41% of respondents say they would never be able to identify the cause of security events with certainty.
  • Latest Indicators of Data Breach Largely Unusable

    59% of respondents say they cannot efficiently and effectively use integrated threat intelligence with their security products.
  • Importing Multiple Threat Intelligence Feeds Is Difficult

    40% of respondents say none of their security products support imported threat intelligence from elsewhere.
  • Investigating Attacks on Mobile Devices

    86% of respondents rate the investigation of mobile devices as difficult.
  • Locating Trade Secrets on Mobile Devices

    54% of respondents say they cannot or are unclear about how to find sensitive data, like trade secrets and personally identifiable information, on mobile devices.
  • Incident Resolution Platform Recommended

    Says Craig Carpenter, Chief Cyber Security Strategist at AccessData, "Companies need an incident resolution platform that doesn't just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant current portions of the incident response process."
 

The failure to detect cyber-attacks and investigate them puts companies and their CISOs' jobs (and, of course, CIOs' jobs) at "significant risk," according to a new Ponemon Institute study. The report, "Threat Intelligence and Incident Response: A Study of U.S. and EMEA Organizations," was sponsored by AccessData Group. The study surveyed 1,083 CISOs and security technicians about how their companies respond after a cyber-attack. The survey also asked what would help respondents more successfully detect and remediate such attacks.

"It's readily clear from the survey that incident response [IR] processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies' and clients' time, resources and money are not lost in the immediate aftermath of the event," says Ponemon Institute chairman and founder Larry Ponemon.

When CEOs and boards of directors request a briefing from the security team after an attack, 65 percent of respondents say the briefing would be purposely modified, filtered or watered down, according to the report. Furthermore, 78 percent of respondents believe most CISOs would make a best guess based on limited information, take premature action, and report, contrary to fact, that the problem had been resolved.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 
