Cyber-Attacks: A Failure to Detect, Investigate
Current Point Solution Approach to Cyber-Security Is Flawed
86% of respondents say it takes too long to detect a cyber-attack.
Alerts Are Not Prioritized
85% say they suffer from the inability to prioritize alerts as they arrive.
Point Solutions Are Not Integrated Well
74% say poor or no integration between security products hinders their response capabilities.
Many Alerts Paralyze Incident Response Efforts
Too many alerts from too many point solutions hinder investigations, according to 61% of respondents.
Root Causes Remain Mysterious
66% of respondents say determining the root cause of prior incidents helps them strengthen defenses, but 38% say finding the root cause could take a year.
Two-Fifths of CISOs Resigned to Unknown Causes of Attacks
41% of respondents say they would never be able to identify the cause of security events with certainty.
Latest Indicators of Data Breach Largely Unusable
59% of respondents say they cannot efficiently and effectively use integrated threat intelligence with their security products.
Importing Multiple Threat Intelligence Feeds Is Difficult
40% of respondents say none of their security products support imported threat intelligence from elsewhere.
Investigating Attacks on Mobile Devices
86% of respondents rate the investigation of mobile devices as difficult.
Locating Trade Secrets on Mobile Devices
54% of respondents say they cannot or are unclear about how to find sensitive data, like trade secrets and personally identifiable information, on mobile devices.
Incident Resolution Platform Recommended
Says Craig Carpenter, Chief Cyber Security Strategist at AccessData, "Companies need an incident resolution platform that doesn't just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant current portions of the incident response process."
The failure to detect cyber-attacks and investigate them puts companies and their CISOs' jobs (and, of course, CIOs' jobs) at "significant risk," according to a new Ponemon Institute study. The report, "Threat Intelligence and Incident Response: A Study of U.S. and EMEA Organizations," was sponsored by AccessData Group.
The study surveyed 1,083 CISOs and security technicians about how their companies respond after a cyber-attack. The survey also asked what would help respondents more successfully detect and remediate such attacks.
"It's readily clear from the survey that incident response [IR] processes need to incorporate powerful, intuitive technology that helps teams act quickly, effectively and with key evidence so their companies' and clients' time, resources and money are not lost in the immediate aftermath of the event," says Ponemon Institute chairman and founder Larry Ponemon.
When CEOs and boards of directors request a briefing from the security team after an attack, 65 percent of respondents say the briefing would be purposely modified, filtered or watered down, according to the report. Furthermore, 78 percent of respondents believe most CISOs would make a best guess based on limited information, take premature action, and report, contrary to fact, that the problem had been resolved.