A new survey by the Ponemon Institute uncovered some sobering statistics about how today's IT professionals view their organizations' preparedness with regard to cyber threats.
Consider this: Among the nearly 600 IT professionals polled, the vast majority (83 percent) believe that their companies have been recently targeted by "advanced" cyber threats, and 41 percent feel that they are frequent targets.
But even so, a whopping 81 percent of those participating in the study said leadership at their companies lacked awareness of the seriousness of the business risks associated with these types of cyber attacks.
The survey, which was sponsored by NetWitness Corporation, defined "advanced" cyber threats as "a methodology employed to evade an organization's present technical and process countermeasures, which relies on a variety of attack techniques as opposed to one specific type." And the results clearly indicate that there's a growing need for awareness training, attack detection and remediation for these kinds of attacks.
After all, according to the new research, detection of advanced threats is low:
46 percent took one month or longer to detect an advanced threat.
45 percent discovered the attackers "by accident."
47 percent said they rely on either ad hoc activities or manual analysis to detect advanced threats.
In addition, the report illustrates the need for fundamental changes to the way companies approach advanced threat awareness and management:
81 percent felt that their leadership lacked awareness of the seriousness of the business risks associated with advanced threats.
Only 24 percent agreed that prevention or quick detection of advanced threats is a top security priority in their organization.
32 percent reported that their security-enabling technologies are adequate.
26 percent reported security personnel are adequate to deal with advanced threats.
"Information security is not a set-it-and-forget-it proposition," says Larry Ponemon, Chairman and Founder of the Ponemon Institute. "In our discussions with key stakeholders, it is obvious that while threats are evolving quickly, defenses continue to lag. More than 70 percent of organizations reported that advanced threats are evading traditional security stalwarts such as AV and IDS. The stakes could not be higher since nearly half of the sample group has lost critical business information as a result of a successful attack."