
Survey: 66% large firms unaware of recent security incidents

13 June 2013

A recent survey conducted by Lancope, a network visibility and security intelligence company, revealed that over two thirds (66%) of large organisations said they had not experienced a security incident in the past 12-18 months or were unsure if they had.

Commenting on this finding, Tom Cross, Lancope’s director of security research, says that it’s very unlikely that none of these organisations experienced incidents during that time frame: “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter. I would assert that if you’re unsure whether or not your organisation has had a security incident, the chances are very high that the answer is yes – and this is a significant problem.”

With the constant barrage of external scanning, phishing attacks and malware being served up by websites, not to mention sophisticated, targeted attacks and insider threats, large companies face a constant security challenge. “Any organisation needs to know whether or not they’ve been subject to a security breach, and if companies believe they have not, the question may be are they really aware of everything that is happening on their networks?” Cross adds.

The respondents to Lancope’s survey indicated that the most common incidents they were aware of were malware (18%) and DDoS (16%), with insider attacks coming in at 12%. “DDoS will break your infrastructure, which hopefully an organisation would know about pretty quickly. Similarly, malware is relatively easy to detect as your antivirus software will often find it on your network. Insider attacks are much less common in terms of total incident count compared to those launched by outsiders, but, on rare occasions, they can result in millions of dollars in losses,” Cross explains.

While 25% of respondents said that reputational damage was the worst impact that a security incident had on their organisation, 21% said they had suffered a financial loss and 13% had lost intellectual property. Interestingly, 38% of people said that they had seen no impact at all. Any security incident has some sort of impact on a company, be it having to clean up an infection or address whatever security issues led to it in the first place. Cost will hopefully be contained if an organisation has a good incident management program in place and can quickly identify which systems have been compromised. The average cost to a large organisation for its worst security breach in 2013 was £450,000 to £850,000.

With businesses constantly being pressured into allowing new technology within their enterprise, making it functional and somehow fitting it into the mould of existing infrastructure, it’s unsurprising that over 50% of companies felt that mobile devices/BYOD were the greatest security risk to their company. There’s a real need to be able to monitor these devices properly, understand their behaviour and detect if they have been infected. However, it is hard to install software on end points and enforce policy.

One way to address this problem is to look at these devices from the network side. With better visibility into activity on the internal network, it is possible to identify infected devices, understand what they are doing in the environment and obtain an audit trail of network and host activity without having to install software agents on the devices themselves.

At 32%, the risk of insider threats is also a worry to large organisations, as is a lack of network visibility (28%). Most organisations have strong perimeter defences, designed to protect their networks against external attackers, but insufficient information to see what is happening within their network.

By collecting audit trails of activity occurring within the internal network, organisations can gain a sense of control as to what is happening within their environment, enabling them to investigate potential insider incidents and be confident that they have effectively mitigated any risk. Other risks organisations were worried about were APTs (18%) and poor change management or operational controls (21%).
