Network Breaches: Organizations Scared and Unprepared

Report Shows Organizations are Scared and Not Prepared for Effective Response to Security Events

Many, if not most, organizations expect to experience a significant security incident within the foreseeable future, yet most are not prepared to adequately respond if and when one does occur. That was the conclusion of a study released today by network forensics firm Solera Networks.

The 2nd Annual Network Forensics Survey, conducted by Trusted Strategies, polled more than 200 security professionals within large organizations, asking about the likelihood of their organizations experiencing a significant network security breach and how prepared they were to detect and respond to such an incident. The results reveal that most organizations are not adequately prepared to determine the source and scope of attacks.

According to the survey, most participants (96 percent) recognize the value of real-time situational awareness and network forensics, yet only about 19% say their network security teams currently have the capability to gather enough information from an attack to prevent it again in the future.

When survey participants were asked what concerns them the most, major malware infections were of significant concern (89%). However, system or network outages were the largest fears with 93% of the respondents indicating they were moderately to extremely concerned about network downtime.

Additional concerns include theft of IP (66%), brand damage (44%), and the costs associated with complete recovery (69%). According to the recently released Kroll Annual Global Fraud Report, theft of information or assets was reported by 27.3% of companies over the past 12 months, up from 18% in 2009, showing a clear need for companies to regularly evaluate how they are controlling and monitoring access to information.

Other Key Findings from the 2nd Annual Network Forensics Survey:

• 35% of survey respondents said they have had what they consider a “significant security incident” within the last 3 years.

• 82% think it’s likely they will experience a significant security incident within the next 3 years.

• 96% feel threatened by employee web activity, and 71% fear that instant messaging poses security threats.

• 35% of organizations represented in the survey don’t have an up-to-date response plan, and 52% said they are not ready to handle a significant security incident (24% “not prepared”, 28% are only “somewhat prepared”).

• 92% expressed concern over lengthy recovery times

When incidents do occur, it’s difficult or even impossible for most organizations to maintain effective situational awareness and fully determine what is happening. 64% of respondents said they don’t have the data or tools to efficiently determine the full scope of security incidents. 20% said it’s “impossible to determine scope.”

Network forensics can be a huge benefit when dealing with Advanced Persistent Threats (APTs), which continue to compromise networks, data and intellectual property. By having the ability to recreate an event, IT departments can see what is happening inside their networks and understand what happened, making it easier to deal with a breach or other security incident.

“Complete and irrefutable evidence of the event is essential in dealing with law enforcement, litigation, and regulatory compliance,” said Carlos Pereira, an IT Governance, Risk, and Compliance officer for The Clorox Company.

The report notes that many survey respondents did ask for better analytics and reports, and more complete integration with the many security components in their network systems. But at the end of the day, no analysis or reports can be generated without having the right data.

The methodology used for the study entailed surveying and screening over a thousand IT and security professionals from large sized organizations within the United States. Ultimately, 200 individuals were selected to participate in the survey. Most belonged to organizations with at least 1,000 network nodes and either managed or were directly involved in the maintenance of their organization’s computer networks.

Participants were from a wide range of industries, including high tech (35%), financial services (13%), and manufacturing (11%). Health care, communications, government, and other industries made up the other 41% of the survey participants.

The results of the 2nd Annual Network Forensics Survey can be found here (Direct PDF).

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
