More than 74 percent of IT security professionals are not confident that their network has never been breached by a foreign state-sponsored attack or an advanced persistent threat, according to a Lieberman Software survey of nearly 200 IT security pros at the Black Hat USA 2013 convention in Las Vegas.
More than half (52 percent) said they are not confident that their IT staff could detect the presence of an attacker who attempts to breach their network or extract private data, even though the vast majority of respondents work in organizations that have taken at least some additional security precautions.
“What was also striking was that more than a third felt that their current IT infrastructure was insufficient in the face of a heavy-set attack, yet not all of the respondents were prepared to do something about it,” Lieberman Software president and CEO Philip Lieberman said in a statement. “I wonder if they feel that sitting tight and hoping for the best is efficient and sufficient protection.”
In addition, nearly 58 percent of those surveyed thought that the United States is losing the battle against state-sponsored attacks, and nearly 63 percent of respondents said they think a state-sponsored attacker will attempt to breach their organization in the next six months.
“I would have imagined this figure to be higher than 58 percent because the truth is that most organizations will lose the battle if they end up on the target list of a state-sponsored attacker,” Amar Singh, ISACA Security Advisory Group chair, noted in the report.
To combat state-sponsored attacks, 90 percent had made efforts to protect themselves. This included 90 percent providing user training to protect against advanced persistent threats (APTs), while the same number had also added new security appliances and 89 percent had carried out endpoint testing to protect against APTs.
Also, 81 percent of respondents’ organizations carry out pen testing to protect against APTs. However, more than one-third of respondents (36 percent) said they did not think that their organizations’ current products and processes could keep up with new and emerging threats.
“The fact that businesses acknowledge what a challenge APTs present to their networks and are willing to do something about it proves that this is no smokescreen,” Lieberman continued. “As our survey found, almost 90 percent of the senior IT security professionals we spoke to at Black Hat had invested in penetration testing services or education of users, and it is good to see such a high number making preparations for the worst eventuality.”
Respondents were asked which additional security precautions their organizations had taken: user training, security appliances, endpoint testing and pen testing. Just under 70 percent of respondents said that they use all of these security measures, while only 1.1 percent stated that they do not use any of them.