IT Security Unprepared for Targeted Attacks

Businesses are struggling to prevent targeted security attacks with IT departments that take a protective stance.

Businesses are ill-prepared to detect and stop advanced, targeted security attacks, according to a survey of information security executives at enterprise organizations with revenue greater than $100 million. The study, sponsored by cyber-attack intelligence and response solutions provider CounterTack and conducted by ResearchNow, showed that nearly half the respondents indicated their organizations were attacked within the past year, and one-third of those attacked said they lack confidence in their organizations' readiness and ability to defend against other attacks.

Thirty-six percent of respondents indicated that if an attacker got inside their perimeter defenses and into their networks, they would not be able to see or stop the attack, and respondents gave themselves low marks when asked to grade themselves at discovering in-progress attacks quickly enough to mitigate damage and prevent catastrophic loss. In addition, nearly one-third of security teams said they spend more than 50 hours per month studying existing malware permutations to prevent future attacks.

"This survey corroborates the anecdotal evidence many of us in the industry are exposed to, which paints a chillingly accurate picture of a growing chasm between executive awareness about the nature of rapidly evolving threats and the available resources to address them," Richard Stiennon, chief research analyst at IT-Harvest, said in prepared remarks. "While the willingness of information security executives to explore new ways of dealing with targeted advanced threats in the coming months is an encouraging finding, it's also evident that economic constraints and outmoded thinking will remain stumbling blocks."

Despite the number of hours devoted to preventing attacks, 44 percent of respondents admitted a lack of time and resources when it comes to dealing with such threats, and 84 percent of information security executives said they believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets.

While four out of five respondents said they believe their organizations could benefit from adopting a military-style approach to security, such as situational awareness and intelligence gathering, just 21 percent credited themselves with currently taking a "warrior" stance to cyber-defense, in contrast with the 58 percent of respondents who indicated taking more of a "protector" role when it comes to defending organizational assets.

"The new cyber landscape calls for organizations to recognize that advanced, targeted attacks have moved inside the virtual walls of their networks and that a more anticipatory posture in the face of eventual attacks is required," Neal Creighton, CEO at CounterTack, said in a press statement. "This CounterTack study clearly shows that the adoption of an active, agile approach based on real-time situational awareness and intelligence will be critical to effectively stopping in-progress cyber-attacks."