An overwhelming majority of companies have seen advanced security attacks on infrastructure, customer databases and internal systems by sophisticated malware, according to a report by the Ponemon Institute, an independent research and consulting firm dedicated to information management and privacy.
The study, co-sponsored by the network-security vendor NetWitness, found that 83 percent of 591 executives reported their companies have been targeted by advanced, stealthy attacks, with more than 40 percent claiming they are targeted frequently.
“In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag,” said Larry Ponemon, chairman of the Ponemon Institute, in a July 6 statement. “More than 70 percent of organizations reported that advanced threats are evading traditional security stalwarts such as AV and IDS. The stakes could not be higher since nearly half of the sample group has also experienced the loss of critical business information as a result of a successful attack.”
Other significant data from the study showed that detecting threats is a time-consuming and accidental process rather than the result of proactive information technology management practices. Forty-six percent of companies took a month or longer to detect advanced threats; 45 percent discovered threats accidentally. Just over one-third (32 percent) believe they have adequate security technologies currently in place, with 26 percent reporting they have adequate security professionals working in their departments.
Security breaches and hacks occur a lot more frequently than most companies would care to publicly recognize, asserted Mike Spinney, a senior privacy analyst for Ponemon, in a blog post about the study. In the post, Spinney detailed two infamous instances of recent corporate espionage at chemical company DuPont. Spinney wrote:
“A number of high profile cases of corporate espionage in the chemical industry, including two instances involving the DuPont Company, illustrated the simple truth that any data that has value will be targeted by data thieves. In two separate events, former DuPont employees Hong Meng and Gary Min made off with trade secrets before moving on to new situations. In Meng’s case, the IP was headed back to his homeland in China. Min had accepted a job with a DuPont competitor.”
He continued:
“Make no mistake – your enemies and our rivals are hard at work trying to gain illicit access to the valuable information stored within your enterprise. At best they may be hoping to play catch up with the pilfered fruit of your investments in R&D. At worst, they may have designs to do financial harm to individuals, or physical harm to people and property on American shores.”
One of the biggest revelations in the cyber-threats study is the finding that 81 percent of those surveyed did not think the leaders of their companies were aware of the seriousness of these threats and attacks.
“The Ponemon Institute study provides the first true industry insight into the deep concerns of commercial and government organizations in the United States regarding advanced threats,” said Nick Lantuh, president of NetWitness, in the statement. “It is clear from these statistics that organizations are experiencing both the frustration and the material losses associated with advanced threats, and are seeking better ways to mitigate these serious risks to their critical business operations.”