The Ponemon Institute research also shows that, as a result, Computer Security Incident Response Teams (CSIRTs) often lack the resources necessary to fend off the continuous onslaught of advanced threats facing todays organisations.
Key findings from the study, which surveyed 674 IT and IT security professionals involved in their organisation’s CSIRT activities, include:
Security incidents are imminent
Some 68 per cent of respondents say their organisation experienced a security breach or incident in the past 24 months. Only 46 per cent say another incident is imminent and could happen within the next six months.
Management is largely unaware of cyber security threats
A shocking 80 per cent of respondents reported that they dont frequently communicate with executive management about potential cyber-attacks against their organisation.
Organisations are not measuring the effectiveness of their incident response efforts
Only 50 per cent of respondents have meaningful operational metrics to measure the overall effectiveness of incident response.
Breaches remain unresolved for an entire month
While most organisations said they could identify a security incident within a matter of hours, it takes an entire month on average to work through the process of incident investigation, service restoration and verification.
CSIRTs lack adequate investments
Half of all respondents say that less than ten per cent of their security budgets are used for incident response activities, and most say their incident response budgets have not increased in the past 24 months.
Network audit trails are the most effective tool for incident response
Most respondents say that analysis of audit trails from sources like NetFlow and packet captures is the most effective approach for detecting security incidents and breaches. This choice was more popular than intrusion detection systems and anti-virus software.
The findings of our research suggest that companies are not always making the right investments in incident response,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. As a result, they may not be as prepared as they should be to respond to security incidents. One recommendation is for organisations to elevate the importance of incident response and make it a critical component of their overall business strategy.
Mike Potts, president and CEO of Lancope, agrees, stating that if 2013 is any indication, todays enterprises are ill-equipped to identify and halt sophisticated attacks launched by nation-states, malicious outsiders and determined insiders. Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches and damaging corporate losses we are seeing in the media on a near-daily basis.