How bad are the technology-based threats from rivals, thieves and hackers? When more than 80 percent of companies report they have been targeted by an advanced attack, it's beyond bad.
overwhelming majority of companies have seen advanced security attacks on
infrastructure, customer databases and internal systems by sophisticated
malware, according to a report by the Ponemon Institute, an independent
research and consulting firm dedicated to information management and privacy.
The study, co-sponsored by the network-security
vendor NetWitness, found 83 percent of 591 executives reported their companies
have been targeted by advanced, stealthy attacks with more than 40 percent claiming
they are targeted frequently.
"In our discussions with key stakeholders, it
is obvious that while threats are evolving quickly, defenses continue to lag,"
said Larry Ponemon, chairman of the Ponemon Institute, in a July 6
statement. "More than 70 percent of organizations reported that advanced threats are
evading traditional security stalwarts such as AV and IDS. The stakes could
not be higher since nearly half of the sample group has also experienced the
loss of critical business information as a result of a successful attack."
Other significant data from the study showed the
challenges of detecting threats to be a time consuming and accidental
rather than proactive information technology management practices.
Forty-six percent of companies took a month or longer to detect
threats; 45 percent discovered threats accidentally. Just over
(32 percent) believe they have adequate security technologies currently
place, with 26 percent reporting they have adequate security
working in their departments.
Security breaches and hacks occur a lot more
frequently than most companies would care to publicly recognize, asserted Mike
Spinney, a senior privacy analyst for Ponemon in a blog post about the study.
Spinney detailed two infamous instances of recent corporate espionage at
chemical company DuPont in the post. Spinney wrote:
"A number of high profile cases of corporate
espionage in the chemical industry, including two instances involving the
DuPont Company, illustrated the simple truth that any data that has value will
be targeted by data thieves. In two separate events, former DuPont employeesHong Meng andGary Min made off with trade secrets before moving on to new
situations. In Meng's case, the IP was headed back to his homeland in China. Min had accepted a job
with a DuPont competitor."
"Make no mistake - your enemies and our rivals are
hard at work trying to gain illicit access to the valuable information stored
within your enterprise. At best they may be hoping to play catch up with the
pilfered fruit of your investments in R&D. At worst, they may have designs
to do financial harm to individuals, or physical harm to people and property on
One of the biggest revelations in the cyber-threats study is the finding that 81 percent of those surveyed did not think the
leaders of their companies were aware of the seriousness of these threats and
"The Ponemon Institute study provides the first
true industry insight into the deep concerns of commercial and government
organizations in the United States regarding advanced
threats," said Nick Lantuh, president of NetWitness, in the statement. "It is
clear from these statistics that organizations are experiencing both the
frustration and the material losses associated with advanced threats, and are
seeking better ways to mitigate these serious risks to their critical business