Security Executives Admit They’re Poorly Prepared for Targeted Attacks

In its new Cyber-readiness Reality Check report, security specialist CounterTack points out what many organizations fear: they’re ill-prepared to detect and stop advanced, targeted attacks.

The independent survey of 100 information-security executives at large U.S. enterprises (those with $100 million or more in revenues) conducted in mid-June found that nearly half of respondents admitted that their enterprises were attacked in the past 12 months; a third of those “lack confidence in their organizations’ readiness to defend against further aggression.”

More worrisome is that 84 percent of respondents say their organizations are still “vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets.” CounterTack also said 44 percent of respondents “admitted a lack of time and resources when it comes to dealing with such threats.”

Outmoded technology is another big problem. “Static, perimeter-centric tools such as firewalls remain the most relied upon security products,” and more than a third (36 percent) admitted that if an attacker breached their perimeter defenses and accessed their networks, “they would not be able to see or stop the attack.” [Emphasis added] Good grief.

Yes, 80 percent of security executives admit that their enterprise could benefit from “adopting a military-style approach to security learned from physical battlefields -- such as situational awareness and intelligence gathering,” but only 21 percent say they’ve taken such a “warrior” stance to protect their assets; 58 percent are taking a “protector” role in defending company assets.

The full report and a summary infographic are available at www.countertack.com/report.

-- James E. Powell
Editorial Director, ESJ

Posted on 08/13/2012