Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study.
Seventy-nine percent of the IT and IT security practitioners polled indicated that their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise. The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.
The report “Security Beyond the Traditional Perimeter,” (http://tinyurl.com/hkl97x9) sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.
Some of the key findings include:
° Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.
° External internet attacks are frequent and the financial costs of these attacks are significant. Respondents in this study report they experienced an average of 32 material cyber attacks or slightly more than one per month, costing their companies an average $3.5 million annually.
° Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38%), ad hoc (23%) or inconsistently applied throughout the enterprise (18%).
° Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, 62% lack the tools and resources they need to analyze and understand, and 68% lack the tools and resources they need to mitigate external threats.
“The majority of security leaders understand that these external internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”
“As external threats explode in both frequency and sophistication, forward-leaning security teams are actively prioritizing external threat detection, intelligence and mitigation in their objectives,” said Roberto Drassinower, CEO of BrandProtect. “But as evidenced in today’s report by the Ponemon Institute, the majority of enterprises still have a long way to go. Despite losing millions of dollars annually to external and branded exploits, security teams are dealing with a significant readiness gap.”
Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include mobile app monitoring (cited by 62% of respondents), social engineering and organizational reconnaissance (61% of respondents), branded exploits (59% of respondents), spear-phishing infrastructure (58% of respondents), and executive and high value threats (54% of respondents).
The Ponemon Institute survey drew 591 respondents from 505 different companies representing a wide range of industries, making this one of the most comprehensive investigative surveys to date on external threat awareness, costs, preparedness and mitigation.