This will not come as a surprise to most IT security people: Most enterprises lack the tools and business intelligence to protect their critical information in an optimal manner, according to new research conducted by the Ponemon Institute and sponsored by Websense.
The main problems are a critical deficit of security solution effectiveness, a disconnect in executives’ perceived value of data, and limited visibility into attack activity, according to the global cyber-security report,
The findings, based on the responses of IT security practitioners with an average of 10 years’ experience in the field from 15 countries, including Brazil, China, Germany, India, the United Kingdom and the United States, revealed a global consensus that security professionals need access to heightened threat intelligence and defenses.
According to respondents, there is a gap between data breach perception and reality–specifically regarding the potential revenue loss to their business. Eighty percent of respondents say their company's leaders do not equate losing confidential data with a potential loss of revenue.
Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the ex-filtration of confidential information.
In addition, the majority of respondents (69 percent) said they believe cyber-security threats sometimes fall through the cracks of their companies’ existing security systems.
"While there are significant differences among countries for specific questions (such as availability of cyber-attack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. "This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue."
Less than half of the respondents (41 percent) said they believe they have a good understanding about the threat landscape facing their company, and just 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack.
In addition, more than one-third (35 percent) of those who had lost sensitive or confidential information did not know exactly what data had been stolen.
"This global security report shows that the cyber-security industry still has more work to do when it comes to addressing cyber-attacks," John McCormack, Websense CEO, said in a statement. "Security professionals need effective security measures and heightened security intelligence to keep organizations safe from advanced attacks and data loss."
Nearly half (48 percent) of respondents said their board-level executives have a sub-par understanding of security issues. However, the report noted cyber-security awareness has actually most likely increased from that of a few years ago.
About six in 10 (59 percent) companies do not have adequate intelligence or are unsure about attempted attacks and their impact. Further, 51 percent say their security solutions do not inform them about the root causes of an attack, or they are unsure.