Hacked in 276 Seconds – Timely Intelligence Improves Ability to Thwart Cyber Attacks: Survey

Actionable Security Intelligence

Timely Security Intelligence and Quality Reporting can Improve an Organization’s Ability to Stop Cyber Attacks

Just 4.6 minutes of advance warning can mean the difference between a successful compromise or breach and a thwarted cyber-attack, according to a new Ponemon Institute study.

Organizations that were able to successfully block cyber-attacks said they needed actionable intelligence 4.6 minutes in advance to prevent the attempt from becoming a compromise or breach, according to a Ponemon Institute report on how organizations view threat intelligence released Wednesday. Slow, outdated, and insufficient threat intelligence is costing organizations a lot of money because the administrators don’t have the information necessary to prevent compromises, breaches, and exploits, the report found.

Organizations in the study spent an average of $10 million in the past 12 months to resolve the impact of exploits, the study found. Interestingly, if the organization had access to actionable intelligence about the attack within 60 seconds of it occurring, their cost of mitigation dropped, on average, by 40 percent. That translates to approximately $4 million in savings.

While startling, these numbers are not surprising, Sam Glines, CEO of Norse, said in a statement accompanying the study.

Enterprises “need an advanced level of threat intelligence that shrinks the interval between attack identification and mitigation down to minutes or even seconds if they are to survive the modern-day cyberthreat juggernaut,” Glines said.

Current “real-time” threat intelligence is not fast enough, as it delivers the responses on a slight delay, he said. Enterprises think they have access to only after-the-fact intelligence, but that insight is coming too late to be effective. Nearly 23 percent of the respondents said it can take as long as a day to identify a compromise, and 49 percent said it can take within a week to more than a month.

Nearly 60 percent of the respondents said they were unable to stop exploits because they had either outdated or not enough threat intelligence. A similar number, 57 percent, of the respondents said the threat intelligence currently available to companies is generally too stale. The available intelligence didn’t provide defenders with the information necessary to grasp and understand the motivations, tactics, and locations of the attackers.

Organizations who were unable to detect attacks as they were occurring said 12 minutes of advance warning is sufficient to stop them from becoming compromised. These organizations “are not as aware of the need for timely intelligence,” the report said.

Enterprises are using a wide range of technologies to gather threat intelligence, ranging from SIEM to IDS to IAM and firewalls, but have mixed feelings about the efficacy of these tools, the report found. Only 22 percent of respondents rated the security products they had between a seven and a ten, with ten being the most effective. All the rest rated the effectiveness between a one and a six, the report found.

On average, companies spend about $95 million on IT and 14 percent of this is allocated to IT security, the survey found. From there, the average budget for systems and processes that produce intelligence about cyber-threats is 20 percent of the IT security budget, or approximately $3 million, the report (PDF) found.

About 35 percent of survey participants, ranging from technicians on the staff level to executive vice-presidents, said they rely on the IT security team’s “gut feel” to determine whether or not an attack will occur. Only 23 percent say their organizations relied upon precise intelligence.

The combination of timely intelligence and quality reporting can improve an organization’s ability to stop attacks, the report said. Organizations need intelligence reports that are clear, concise and unambiguous so that quick actions can be taken, and the information needs to be delivered to the relevant parties according to a pre-determined list of priorities.

Intelligence data needs to be integrated with SIEM and other network monitoring tools, and include trend data such as the velocity or the frequency of attacks. The use of big data could strengthen an organization’s cyber-security posture. A little over half of the respondents said Advanced Persistent Threats (APTs) were their greatest concern, and a similar number were most concerned about rootkits. About 45 percent of the survey participants said SQL and code injection was their biggest worry.

A little over a third of the participants said that criminal syndicates posed the biggest threats to their organizations, compared to 19 percent who viewed state-sponsored attackers as the greatest threat.

The survey included 708 IT and IT security professionals from 378 enterprises across 14 industry segments, including financial services, health and pharmaceuticals, and the public sector. Only 10 percent of the respondents knew with absolute certainty that a material exploit or breach to their networks and systems had occurred, the report found.

“The benefits of having actionable intelligence include a stronger security posture and greater awareness about when a network or system has been compromised,” the study concluded.

The full report is available here in PDF format.
