In a survey of IT, security and operations professionals, nearly all the responders were concerned about network downtime, but only two-thirds of them had an incident response in place.
Despite recent studies indicating that IT executives consider information
security a high priority for their organizations, many organizations are
not prepared to "adequately respond" to security incidents, according
to a recent study from Solera Networks.
Almost all the respondents, or 96 percent, considered employee Web
activity, such as browsing to a malicious Website, a threat, according to
the study. A significant number, 71 percent, said instant
messaging poses security threats. Very few respondents, or 12 percent, felt
the organization could effectively monitor or capture IM activity.
Most survey respondents had, or expected to have, a "significant"
security incident. A little over a third of the respondents reported a
significant security incident within the last three years, and more than 80
percent thought it likely they would experience one in the next three years, according
to the study.
"Opportunistic theft and vandalism on networks is being replaced with
targeted, multi-component, persistent attacks focused on specific systems and
assets," said Peter Schlampp, vice president of marketing and product
management at Solera.
While being hit by malware, such as worms and Trojans, were a concern, 93
percent of respondents said they were "moderately or extremely
concerned" about network downtime, followed with 92 percent concerned
about the time required to recover from security incidents. Malware was the
third item respondents were worried about.
In fact, network downtime concerns trumped all worries. Even though almost a
third of the respondents said attackers were more likely to steal intellectual
property, only 69 percent were worried about actual theft.
There was a very wide gap between what staff and managers were worried about
and what the company was doing. Despite being worried about an attack, half of
the organizations knew they were either not prepared or only somewhat prepared
to handle these incidents.
Most organizations are "ill-prepared" to prevent and respond to
security incidents, said Schlampp.
About 35 percent of the organizations surveyed reported having "weak or
no incident response plans" to address business
continuity and recover from network downtime.
Nearly everyone, or 96 percent, said real-time traffic data and network
forensics would help analyze and review what is happening on the network, but
only 19 percent said their organization has the capability to collect the data,
according to the survey. Survey researchers found that even those who claim to
collect the data are getting very limited information.
The "good news" is that many organizations recognize that the
ability to perform real-time network forensics is critical, and are beginning
to budget and plan for it, wrote the researchers.
Solera's Network Forensics Survey is an annual survey, in its second year,
examining how IT and network security personnel view and respond to network
security breaches. More than 1,000 IT professionals from large
enterprises in the United States,
with at least 1,000 network nodes, were selected for the survey. Upper and
middle management made up a little over two-thirds of the respondents. The
remainder consisted of regular staff and workgroup managers. About 27 percent
of the respondents were security professionals, and half were part of the IT