<< Back to article Print this page Loading page, please wait...

Half of organizations targets of cyberattack in last year

John P. Mello (CSO (US))
28 August, 2013 12:56

About half of global organizations have suffered a cyberattack in the last year, said a report released on Tuesday by the Information Security Media Group and Bit9.Ã'Â

Almost two-thirds of the organizations that acknowledged they'd been attacked (65 percent) said the events resulted in business disruptions -- employee or system downtime. And 19 percent lost data to a cyber assault, said the report.

However, most alarming is that of the 47 percent of about 250 IT security decision makers participating in the poll who noted their organizations had been attacked, 13 percent confessed that they did not even know if they'd been targeted or not.

"That's shocking," cybersecurity software maker Bit9's CSO, Nick Levay, told CSOonline. "I was expecting that to be a single-digit number and low single-digit number at that."

"In my experience, everybody has experienced a steady stream of attacks," he said. "Even if you're not experiencing targeted attacks, if you have people browsing the Web you're getting hit with Java exploits, Blackhole exploits and what not coming through advertisements and such."

"It made me think that many organizations are not doing an adequate job tracking metrics having to do with security," Levay added.

Fred Kost, head of product marketing at Check Point, said thatÃ'Â while the number of organizations without a clue about cyberattacks on their systems may be shocking, it isn't surprising.

"Attackers today are very clever," Kost said in an interview. "They try to obfuscate their attacks. It's getting harder for organizations to know what's happening."

The researchers also discovered that 70 percent of the respondents -- 62 percent of them from organizations located in the United States -- believed that they were most vulnerable to cyberattack at user endpoints -- PCs, laptops and desktops.

"There is a huge blind spot when it comes to server and end point visibility," Bit9's Levay said.

It's a blind spot, however, that is drawing attention from system defenders. "Most companies now are going to target and secure their endpoints as a priority," Paul Wahlen, director of engineering at Promisec, said in an interview.

"In the past, enterprises have concentrated on firewalls, gateway protection -- the candy bar defense: crunchy on the outside, soft on the inside," Wahlen said. "Now enterprises are focused on looking at endpoints."

[Also see: Largest banks under constant cyberattack, feds say]

While a large majority of the respondents were confident about protecting their servers and endpoints from signature-based attacks, two-thirds of them (66 percent) rated their defenses against non-signature-based forays as average or non-existent.

"Relying on signature-based solutions on the endpoint leaves major gaps," said Meghan Risica, senior product marketing manager at RSA.

"They can only detect what is known," she continued. "For the unknown, never-before-seen malware, organizations need to take a new approach, leveraging live memory analysis and host behavior inspection, to detect threats faster."

The study unearthed some good news in their findings for security administrators. Nearly all the respondents (98 percent) said their budgets funded security at current levels or more in 2014.

Security budgets are being helped by greater awareness of the value of protecting a business's information resources.

"Security is moving up in organizations," Check Point's Kost said. "It's no longer the firewall and network administrator worried about security. There areÃ'Â higher levels in the organization starting to think about this. And that's starting to happen at a lot of businesses, not just the Fortune 100."

Top funding priorities cited by the security pros were enhanced detection (45 percent), awareness and training (44 percent), and real-time endpoint or server monitoring (39 percent).

"It's no longer a question of 'Will we be attacked?' but instead 'How quickly can I detect if I've been attacked?'" RSA's Risica osaid. "That detection time is critical. You don't want to figure it out as your crown jewels are going out the door."

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.